Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Getty
Show Hide image

The joy of only winning once: why England should be proud of 1966

We feel the glory of that triumphant moment, 50 years ago, all the more because of all the other occasions when we have failed to win.

There’s a phrase in football that I really hate. It used to be “Thirty years of hurt”. Each time the England team crashes out of a major tournament it gets regurgitated with extra years added. Rather predictably, when England lost to Iceland in Euro 2016, it became “Fifty years of hurt”. We’ve never won the European Championship and in 17 attempts to win the World Cup we have only won once. I’m going to tell you why that’s a record to cherish.

I was seven in 1966. Our telly was broken so I had to watch the World Cup final with a neighbour. I sat squeezed on my friend Colin’s settee as his dad cheered on England with phrases like “Sock it to them Bobby”, as old fashioned now as a football rattle. When England took the lead for the second time I remember thinking, what will it feel like, when we English are actually Champions of the World. Not long after I knew. It felt good.

Wembley Stadium, 30 July 1966, was our only ever World Cup win. But let’s imagine what it would be like if, as with our rivals, we’d won it many times? Brazil have been World Champions on five occasions, Germany four, and Italy four. Most England fans would be “over the moon” if they could boast a similarly glorious record. They’re wrong. I believe it’s wonderful that we’ve only triumphed once. We all share that one single powerful memory. Sometimes in life less is definitely more.

Something extraordinary has happened. Few of us are even old enough to remember, but somehow, we all know everything that happened that day. Even if you care little about the beautiful game, I’m going to bet that you can recall as many as five iconic moments from 50 years ago. You will have clearly in your mind the BBC commentator Kenneth Wolstenholme’s famous lines, as Geoff Hurst tore down the pitch to score his hat-trick: “Some people are on the pitch. They think it’s all over. It is now”. And it was. 4 - 2 to England against West Germany. Thirty minutes earlier the Germans had equalised in the dying moments of the second half to take the game to extra time.

More drama we all share: Geoff Hurst’s second goal. Or the goal that wasn’t, as technology has since, I think, conclusively proved. The shot that crashed off the cross bar and did or didn’t cross the line. Of course, even if you weren’t alive at the time, you will know that the linesman, one Tofiq Bakhramov, from Azerbaijan (often incorrectly referred to as “Russian”) could speak not a word of English, signalled it as a goal.

Then there’s the England Captain, the oh-so-young and handsome Bobby Moore. The very embodiment of the era. You can picture him now wiping his muddy hands on his white shorts before he shakes hands with a youthful Queen Elizabeth. Later you see him lifted aloft by his team mates holding the small golden Jules Rimet trophy.

How incredible, how simply marvellous that as a nation we share such golden memories. How sad for the Brazilians and Germans. Their more numerous triumphs are dissipated through the generations. In those countries each generation will remember each victory but not with the intensity with which we English still celebrate 1966. It’s as if sex was best the first time. The first cut is the deepest.

On Colin’s dad’s TV the pictures were black and white and so were the flags. Recently I looked at the full colour Pathe newsreel of the game. It’s the red, white and blue of the Union Jack that dominates. The red cross of Saint George didn’t really come into prominence until the Nineties. The left don’t like flags much, unless they’re “deepest red”. Certainly not the Union Flag. It smacks of imperialism perhaps. In 1966 we didn’t seem to know if we were English or British. Maybe there was, and still is, something admirable and casual about not knowing who we are or what is our proper flag. 

Twelve years later I’m in Cuba at the “World Festival of Youth” – the only occasion I’ve represented my country. It was my chance to march into a stadium under my nation’s flag. Sadly, it never happened as my fellow delegates argued for hours over what, if any, flag we British should walk behind. The delegation leaders – you will have heard of them now, but they were young and unknown then – Peter Mandelson, Trevor Phillips and Charles Clarke, had to find a way out of this impasse. In the end, each delegation walked into the stadium behind their flag, except the British. Poor Mandelson stood alone for hours holding Union Jack, sweltering in the tropical sun. No other country seemed to have a problem with their flag. I guess theirs speak of revolution; ours of colonialism.

On Saturday 30 July BBC Radio 2 will commemorate the 50th anniversary of the 1966 World Cup Final, live from Wembley Arena. Such a celebration is only possible because on 16 occasions we failed to win that trophy. Let’s banish this idea of “Fifty years of hurt” once and for all and embrace the joy of only winning once.

Phil Jones edits the Jeremy Vine Show on BBC Radio 2. On Saturday 30 July the station celebrates the 50th anniversary of the 1966 World Cup Final live from Wembley Arena, telling the story of football’s most famous match, minute by minuteTickets are available from: www.wc66.org