Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Getty
Show Hide image

To heal Britain’s cracks, it’s time for us northern graduates in London to return home

Isn’t it time for people like me, who’ve had privileges and experiences not open to everyone, to start heading back to our local communities, rather than reinforcing London’s suffocating dominance?

I’m from Warrington. The least cultured town in the UK. My town.

I moved to London almost exactly five years ago. Not because I particularly wanted to. Not because I wanted to depart the raucous northern town that I still call home. Because it was my only choice, really. I’d done my stint in the call centres and had some fun. But that couldn’t, surely, be my lot?

After university, I’d already started feeling a little weird and out of place back in Wazza. There were fewer and fewer people who didn’t look at me like I’d just fallen off a futuristic space flight that’d given me a different accent and lofty ideals.

Of course, that’s because most people like me had already skipped town without looking back and were all in the capital trying to strike beyond the ordinary.

The young, the cities, the metropolitan elite are still reeling after last week’s vote and wondering how people, half of our people, have got it so horribly wrong. We’re different, divided, done for.  

One thing I’ve clung onto while I’ve been in London is the fact that I’m from Warrington and proud. It might not be a cultured town, but it’s my town.

But I wasn’t proud of the outcome of the EU referendum that saw my town vote 54.3 per cent to 45.7 per cent to leave.

To be fair, even in my new “home” borough of Hackney, east London, the place with the third-largest Remain vote, one in five people voted for Brexit.

Yes, in one of London’s hottest and most international neighbourhoods, there are quite a lot of people who don’t feel like they’re being taken along to the discotheque.

Perversely, it was the poorest places in the UK that voted in largest numbers to leave the EU – that’s the same EU that provides big chunks of funding to try to save those local economies from ruin.

In many ways, of course, I understand the feelings of those people back in the place I still sometimes think of as home.

Compared to many suffering places in the UK, Warrington is a “boom town” and was one of the only places that grew during the last recession.

It’s a hub for telecoms and logistics companies, because, ironically, its good transport links make it an easy place to leave.

But there are many people who aren’t “living the dream” and, like anywhere else, they aren’t immune from the newspaper headlines that penetrate our brains with stories of strivers and scroungers.

Warrington is one of the whitest places in the UK, and I’m sure, to many locals, that means those immigrants are only a few towns away. There’s already a Polski sklep or two. And a few foreign taxi drivers. Those enterprising bastards.

We have never seriously addressed the economic imbalance in our economy. The gaping north-south divide. The post-industrial problem that politicians in Westminster have handily ignored, allowing the gap to be filled by those who find it quick and easy to blame immigrants.

When schemes like HS2, which is plotted to smash right through the place I grew up, are pushed against all of the evidence, instead of a much-needed, intercity Leeds to Liverpool investment to replace the two-carriage hourly service, it’s like positively sticking two fingers up to the north.

But I am also a big problem. People like me, who get educated and quickly head off to London when things aren’t going our way. We invested in ourselves, sometimes at state expense, and never really thought about putting that back into the places where we grew up.

There weren’t the right opportunities back home and that still stands. But, rather than doing something about that, people like me lazily joined the gravy train for London and now we’re surprised we feel more kinship with a 20-something from Norway than we do with someone who we used to knock on for when we should have been at school.

That’s not to suggest that our experiences in the capital – or mine at least – haven’t made us a thousand, million times better. 

I’ve met people who’ve lived lives I would never have known and I’m a profoundly better person for having the chance to meet people who aren’t just like me. But to take that view back home is increasingly like translating a message to someone from an entirely different world.

“You know, it’s only because you live in a country like this that a woman like you is allowed to even say things like that,” assured one of my dad’s friends down at the British Legion after we’d had a beer, and an argument or two.

Too right, pal. We live in what we all like to think is an open and tolerant and progressive society. And you’re now saying I shouldn’t use that right to call you out for your ignorance?

We’re both Warringtonians, English, British and European but I can increasingly find more agreement with a woman from Senegal who’s working in tech than I can with you.

It’s absolutely no secret that London has drained brains from the rest of the country, and even the rest of the world, to power its knowledge economy.

It’s a special place, but we have to see that there are many people clamouring for jobs they are far too qualified for, with no hope of saving for a home of their own, at the expense of the places they call home.

It’s been suggested in the past that London becomes its own city-state, now Londoners are petitioning to leave the UK.

But isn’t it time for people like me, who’ve had privileges and experiences not open to everyone, to start heading back to our local communities, rather than reinforcing London’s suffocating dominance?

We can expect local governments to do more with less, but when will we accept we need people power back in places like Warrington if we want to change the story to one of hope?

If this sounds like a patronising plan to parachute the north London intelligentsia into northern communities to ensure they don’t make the same mistake twice... Get fucked, as they say in Warrington.

It was Warrington that raised me. It’s time I gave something back.

Kirsty Styles is editor of the New Statesman's B2B tech site, NS Tech.