Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Photo: Getty Images
Show Hide image

What's to be done about racial inequality?

David Cameron's words on equal opportunities are to be welcomed - now for some action, says Sunder Katwala.

David Cameron made the strongest, clearest and most high profile statement about ethnic inequalities and the need to tackle discrimination ever yet offered by a British Prime Minister in his leader’s speech to the Conservative Party conference in Manchester.
“Picture this. You’ve graduated with a good degree. You send out your CV far and wide. But you get rejection after rejection. What’s wrong? It’s not the qualifications or the previous experience. It’s just two words at the top: first name, surname. Do you know that in our country today: even if they have exactly the same qualifications, people with white-sounding names are nearly twice as likely to get call backs for jobs than people with ethnic-sounding names? … That, in 21st century Britain, is disgraceful. We can talk all we want about opportunity, but it’s meaningless unless people are really judged equally”, said Cameron.
While the proof of the pudding will be in the eating, this was a powerfully argued Prime Ministerial intervention – and a particularly well-timed one, for three reasons.

Firstly, the Prime Minister was able to root his case in an all-but-universally accepted appeal for equal opportunities. It will always prove more difficult in practice to put political energy and resources behind efforts to remedy discrimination against a minority of the population unless a convincing fairness case is made that values cherished across our whole society are at stake. Cameron’s argument, that any party which tells itself that it is the party of the ‘fair chance’ and ‘the equal shot’ must have a response when there is such clear evidence of discrimination, should prove persuasive to a Conservative Party that has not seen race inequalities as its natural territory. Cameron argued that the same principles should animate responses to discrimination when it comes to race, gender and social class. Put like that, wanting job interviews to be fair – by eradicating conscious and unconscious patterns of bias wherever possible – would strike most Britons as offering as clear a case of the values of fair play as wanting the best baker to win the Great British Bake-Off on television.
Secondly, Cameron’s intervention comes at a potential "tipping point" moment for fair opportunities across ethnic groups. Traditionally, ethnic discrimination has been discussed primarily through the lens of its impact on the most marginalised. Certainly, persistent gaps in the criminal justice system, mental health provision and unemployment rates remain stark for some minority groups. What has been less noticed is the emergence of a much more complex pattern of opportunity and disadvantage – not least as a consequence of significant ethnic minority progress.

Most strikingly of all, in educational outcomes, historic attainment gaps between ethnic minorities and their white British peers have disappeared over the last decade. In the aggregate, ethnic minorities get better GCSE results on average. Ethnic minority Britons are more likely, not less likely, to be university graduates than their fellow citizens. 

As a result of that progress, Cameron’s intervention comes at a moment of significant potential – but significant risk too. Britain’s ethnic minorities are the youngest and fastest-growing sections of British society. If that educational progress translates into economic success, it will make a significant contribution to the "Great British Take-Off" that the Prime Minister envisions. But if that does not happen, with educational convergence combined with current ‘ethnic penalties’ in employment and income persisting, then that potential could well curdle into frustration that the British promise of equal opportunities is not being kept.  Cameron also mirrored his own language in committing himself to both a ‘fight against extremism’ and a ‘fight against discrimination’: while those are distinct challenges and causes, actively pursuing both tracks simultaneously has the potential, at least, depolarise some debates about responses to extremism  - and so to help deepen the broad social coalitions we need for a more cohesive society too.

Thirdly, Cameron’s challenge could mark an important deepening in the political competition between the major parties on race issues. Many have been struck by the increase in political attention on the centre-right to race issues over the last five to ten years. The focus has been on the politics of representation. By increasing the number of non-white Conservative MPs from two to seventeen since 2005, Cameron has sent a powerful signal that Labour’s traditional claim to be ‘the party of ethnic minorities’ would now be contested. Cameron was again able to celebrate in Manchester several ways in which his Cabinet and Parliamentary benches demonstrate many successful journeys of migrant and minority integration in British society. That might perhaps help to ease the fears, about integration being impossible in an era of higher immigration, which the Home Secretary had articulated the previous day.

So symbolism can matter. But facial diversity is not enough. The politics of ethnic minority opportunity needs to be about more than visits to gurdwaras, diversity nights at the party conference fringes and unveiling statues of Mahatma Gandhi in Parliament Square. Jeremy Corbyn’s first speech as Labour leader did include one brief celebratory reference to Britain’s ethnic diversity – “as I travelled the country during the leadership campaign it was wonderful to see the diversity of all the people in our country” – and to Labour bringing in more black, Asian and ethnic minority members - but it did not include any substantial content on discrimination. Tim Farron acknowledged during his leadership campaign that the Liberal Democrats have struggled to get to the starting-line on race and diversity at all. The opposition parties too will no doubt now be challenged to match not just the Prime Minister’s rhetorical commitment to challenging inequalities but also to propose how it could be done in practice.

Non-white Britons expect substance, not just symbolism from all of the parties on race inequalites.  Survation’s large survey of ethnic minority voters for British Future showed the Conservatives winning more ethnic minority support than ever before – but just 29 per cent of non-white respondents were confident that the Conservatives are committed to treating people of every ethnic background equally, while 54 per cent said this of Labour. Respondents were twice as likely to say that the Conservatives needto do more to reach out – and the Prime Minister would seem to be committed to showing that he has got that message.  Moreover, there is evidence that ethnic inclusion could be important in broadening a party’s appeal to other younger, urban and more liberal white voters too – which is why it made sense for this issue to form part of a broader attempt by David Cameron to colonise the broad centre of British politics in his Manchester speech.

But the case for caution is that there has been limited policy attention to ethnic inequalities under the last two governments. Restaurateur Iqbal Wahhab decided to give up his role chairing an ethnic minority taskforce for successive governments, unconvinced there was a political commitment to do much more than convene a talking shop. Lib Dem equalities minister Lynne Featherstone did push the CV discrimination issue – but many Conservatives were sceptical. Cameron’s new commitment may face similar challenges from those whose instinct is to worry that more attention to discrimination or bias in the jobs market will mean more red tape for business.

Labour had a separate race inequalities manifesto in 2015, outside of its main election manifesto, while the Conservative manifesto did not contain significant commitments to racial inequality. The mid-campaign launch in Croydon of a series of race equality pledges showed an increasing awareness of the growing importance of ethnic minority votes - though the fact that they all involved aiming for increases of 20 per cent by 2020 gave them a slightly back-of-the-envelope feel. 

Prime Ministerial commitments have an important agenda-setting function. A generation ago the Stephen Lawrence case opened the eyes of middle England to racist violence and police failures, particularly through the Daily Mail’s persistent challenging of those injustices. A Conservative Prime Minister’s words could similarly make a big difference in the mainstreaming of the issue of inequalities of opportunity. What action should follow words? Between now and next year’s party conference season, that must will now be the test for this Conservative government – and for their political opponents too. 

Sunder Katwala is director of British Future and former general secretary of the Fabian Society.