Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Getty
Show Hide image

Let's face it: supporting Spurs is basically a form of charity

Now, for my biggest donation yet . . .

I gazed in awe at the new stadium, the future home of Spurs, wondering where my treasures will go. It is going to be one of the architectural wonders of the modern world (football stadia division), yet at the same time it seems ancient, archaic, a Roman ruin, very much like an amphitheatre I once saw in Croatia. It’s at the stage in a new construction when you can see all the bones and none of the flesh, with huge tiers soaring up into the sky. You can’t tell if it’s going or coming, a past perfect ruin or a perfect future model.

It has been so annoying at White Hart Lane this past year or so, having to walk round walkways and under awnings and dodge fences and hoardings, losing all sense of direction. Millions of pounds were being poured into what appeared to be a hole in the ground. The new stadium will replace part of one end of the present one, which was built in 1898. It has been hard not to be unaware of what’s going on, continually asking ourselves, as we take our seats: did the earth move for you?

Now, at long last, you can see what will be there, when it emerges from the scaffolding in another year. Awesome, of course. And, har, har, it will hold more people than Arsenal’s new home by 1,000 (61,000, as opposed to the puny Emirates, with only 60,000). At each home game, I am thinking about the future, wondering how my treasures will fare: will they be happy there?

No, I don’t mean Harry Kane, Danny Rose and Kyle Walker – local as well as national treasures. Not many Prem teams these days can boast quite as many English persons in their ranks. I mean my treasures, stuff wot I have been collecting these past 50 years.

About ten years ago, I went to a shareholders’ meeting at White Hart Lane when the embryonic plans for the new stadium were being announced. I stood up when questions were called for and asked the chairman, Daniel Levy, about having a museum in the new stadium. I told him that Man United had made £1m the previous year from their museum. Surely Spurs should make room for one in the brave new mega-stadium – to show off our long and proud history, delight the fans and all those interested in football history and make a few bob.

He mumbled something – fluent enough, as he did go to Cambridge – but gave nothing away, like the PM caught at Prime Minister’s Questions with an unexpected question.

But now it is going to happen. The people who are designing the museum are coming from Manchester to look at my treasures. They asked for a list but I said, “No chance.” I must have 2,000 items of Spurs memorabilia. I could be dead by the time I finish listing them. They’ll have to see them, in the flesh, and then they’ll be free to take away whatever they might consider worth having in the new museum.

I’m awfully kind that way, partly because I have always looked on supporting Spurs as a form of charity. You don’t expect any reward. Nor could you expect a great deal of pleasure, these past few decades, and certainly not the other day at Liverpool when they were shite. But you do want to help them, poor things.

I have been downsizing since my wife died, and since we sold our Loweswater house, and I’m now clearing out some of my treasures. I’ve donated a very rare Wordsworth book to Dove Cottage, five letters from Beatrix Potter to the Armitt Library in Ambleside, and handwritten Beatles lyrics to the British Library. If Beckham and I don’t get a knighthood in the next honours list, I will be spitting.

My Spurs stuff includes programmes going back to 1910, plus recent stuff like the Opus book, that monster publication, about the size of a black cab. Limited editions cost £8,000 a copy in 2007. I got mine free, as I did the introduction and loaned them photographs. I will be glad to get rid of it. It’s blocking the light in my room.

Perhaps, depending on what they want, and they might take nothing, I will ask for a small pourboire in return. Two free tickets in the new stadium. For life. Or longer . . . 

Hunter Davies is a journalist, broadcaster and profilic author perhaps best known for writing about the Beatles. He is an ardent Tottenham fan and writes a regular column on football for the New Statesman.

This article first appeared in the 16 February 2017 issue of the New Statesman, The New Times