Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Photo: Getty
Show Hide image

Rising crime and fewer police show the most damaging impacts of austerity

We need to protect those who protect us.

Today’s revelation that police-recorded crime has risen by 10 per cent across England and Wales shows one of the most damaging impacts of austerity. Behind the cold figures are countless stories of personal misery; 723 homicides, 466,018 crimes with violence resulting in injury, and 205,869 domestic burglaries to take just a few examples.

It is crucial that politicians of all parties seek to address this rising level of violence and offer solutions to halt the increase in violent crime. I challenge any Tory to defend the idea that their constituents are best served by a continued squeeze on police budgets, when the number of officers is already at the lowest level for more than 30 years.

This week saw the launch Chris Bryant's Protect The Protectors Private Member’s Bill, which aims to secure greater protections for emergency service workers. It carries on where my attempts in the last parliament left off, and could not come at a more important time. Cuts to the number of police officers on our streets have not only left our communities less safe, but officers themselves are now more vulnerable as well.

As an MP I work closely with the local neighbourhood policing teams in my constituency of Halifax. There is some outstanding work going on to address the underlying causes of crime, to tackle antisocial behaviour, and to build trust and engagement across communities. I am always amazed that neighbourhood police officers seem to know the name of every kid in their patch. However cuts to West Yorkshire Police, which have totalled more than £160m since 2010, have meant that the number of neighbourhood officers in my district has been cut by half in the last year, as the budget squeeze continues and more resources are drawn into counter-terrorism and other specialisms .

Overall, West Yorkshire Police have seen a loss of around 1,200 officers. West Yorkshire Police Federation chairman Nick Smart is clear about the result: "To say it’s had no effect on frontline policing is just a nonsense.” Yet for years the Conservatives have argued just this, with the Prime Minister recently telling MPs that crime was at a record low, and ministers frequently arguing that the changing nature of crime means that the number of officers is a poor measure of police effectiveness. These figures today completely debunk that myth.

Constituents are also increasingly coming to me with concerns that crimes are not investigated once they are reported. Where the police simply do not have the resources to follow-up and attend or investigate crimes, communities lose faith and the criminals grow in confidence.

A frequently overlooked part of this discussion is that the demands on police have increased hugely, often in some unexpected ways. A clear example of this is that cuts in our mental health services have resulted in police officers having to deal with mental health issues in the custody suite. While on shift with the police last year, I saw how an average night included a series of people detained under the Mental Health Act. Due to a lack of specialist beds, vulnerable patients were held in a police cell, or even in the back of a police car, for their own safety. We should all be concerned that the police are becoming a catch-all for the state’s failures.

While the politically charged campaign to restore police numbers is ongoing, Protect The Protectors is seeking to build cross-party support for measures that would offer greater protections to officers immediately. In February, the Police Federation of England and Wales released the results of its latest welfare survey data which suggest that there were more than two million unarmed physical assaults on officers over a 12-month period, and a further 302,842 assaults using a deadly weapon.

This is partly due to an increase in single crewing, which sees officers sent out on their own into often hostile circumstances. Morale in the police has suffered hugely in recent years and almost every front-line officer will be able to recall a time when they were recently assaulted.

If we want to tackle this undeniable rise in violent crime, then a large part of the solution is protecting those who protect us; strengthening the law to keep them from harm where possible, restoring morale by removing the pay cap, and most importantly, increasing their numbers.

Holly Lynch is the MP for Halifax. The Protect the Protectors bill will get its second reading on the Friday 20th October. 

0800 7318496