Escaping the “black hole”: how to measure cybercrime

How big a threat is cybercrime to UK industry, and how do we deal with it?

The vast majority of parliamentary committee reports do not prompt headlines containing phrases like “losing the war”, “falling into a black hole”, and “a bigger threat than nuclear attack”. Last week’s Home Affairs Select Committee report on e-crime was a notable exception. For those who make a living fighting cyber-crime, however, the report held very little that would shock. Indeed, my colleague Art Coviello spoke at length to the Committee, and whilst he agreed with their assessment that we weren't winning the battle, he had considerable praise for the way both British business and government were coming together around the challenge.

Now the dust has settled somewhat, it’s worth separating reality from hyperbole, and perhaps considering what might actually be done about the problem. To do so, we should begin on a positive note. The headlines came about because the UK features so high on the list of targets for cyber criminals but, in some ways, this is as reassuring as it is a point of concern. The reason we're such a persistent target of attack is because we have so much worth stealing – financial assets, intellectual property and the type of vibrant dynamic business that generates both. We shouldn’t worry if criminals wish to steal from us, but we must work to limit their chances of success. So, what can we do to thwart the criminals? And how well are we doing currently?

The second question is easy to answer, and the answer is: not too badly. We may not be winning the war, but we’re not losing either – the "black hole" of the report is really a sort of jurisdictive black hole, and it’s unlikely to swallow the nation’s finances any time soon. That’s not, however, to deny the scale of the problem, and the question of how we solve it is undeniably complicated. The issue is a truly global one, and criminals have more weapons at their disposal than ever before.

Cyber-security professionals refer to the "attack surface" to describe how cyber-criminals access their victims and, in the space of the last ten years, this has changed beyond all recognition. When the internet was primarily a means of accessing information, the avenues through which cyber criminals could reach their victims were limited, and so was the extent of their potential gains. Now, with almost any product or service available online, with a plethora of different social networks, and with smartphones and many different devices connected to the internet, there are few limits to the means criminals can employ to steal from organisations and individuals.

No individual or organisation can hope to stand alone against this threat. Companies that wish to defend themselves have little alternative but to collaborate on their response to cyber-crime. The criminals themselves see the value of such a strategy, and their information-sharing networks are extraordinarily effective. At our subsidiary RSA, we maintain cyber-security watch posts around the world, and from these we see criminals exchanging data on the vulnerabilities that allow them to steal money and intellectual property from organisations and individuals.

This is a sophisticated and agile underground economy which feeds parasitically on legitimate commerce, and which lawful businesses cannot hope to curb without concerted action. However, even recent discourse on the issue has not sufficiently stressed the importance of collaboration. For example, the CBI’s otherwise very sensible response to the Committee’s report struck a false note in its suggestion we should be "fighting crime in private". That would be a lonely and unsuccessful fight, and it’s crucial that British businesses are aware of how numerous, how skilled, and how efficiently collaborative cyber-criminals are. No organisation could hope to combat them alone.

However, with a coherent framework for businesses to share information on cyber threats, businesses are well-placed to beat the cyber threat. Many business leaders may shy away from the idea of engaging with their competitors and peers in industry, but strong precedents have already been set in sectors at high risk of cybercrime. Financial services is one of these and, while companies in the industry are more protective of proprietary information than those in almost any other, the scale of the threat is such that a formal means of sharing intelligence is a necessity. In financial services, the eFraudNetwork cybercrime watch service allows companies worldwide to securely share information about cyber-crime, so that once one attempted theft is thwarted, the perpetrators cannot simply move on to try the same methods at another organisation.

Such a network is very effective in curbing fraud and theft, and the good news is that this kind of information sharing is not complex or expensive, and need not negatively impact on the competitive advantages or information privacy of the organisations involved. It is a model that could easily be replicated in other industries. Much work is already being done to achieve this; indeed, RSA will shortly release a cyber-threat intelligence model, which will propose a global industry standard framework for business-to-business information sharing. Last week’s Committee report implied that a political intervention is possible so, however it chooses to do so, the business community should act while it is still able to shape a response according to its own priorities. After all, if there’s one thing that we know about cyber criminals, it’s that they never stop working to improve the methods they use. As the lawless learn to attack more effectively, so the lawful must learn to defend better – and no one organisation can succeed in doing this alone.

James Petter is vice president and managing director of EMC UK&I

Photograph: Getty Images

James Petter is vice president and managing director of  internet services company EMC UK&I.

Photo: Getty
Show Hide image

The Future of the Left: A new start requires a new economy

Creating a "sharing economy" can get the left out of its post-crunch malaise, says Stewart Lansley.

Despite the opportunity created by the 2008 crisis, British social democracy is today largely directionless. Post-2010 governments have filled this political void by imposing policies – from austerity to a shrinking state - that have been as economically damaging as they have been socially divisive.

Excessive freedom for markets has brought a society ever more divided between super-affluence and impoverishment, but also an increasingly fragile economy, and too often, as in housing, complete dysfunction.   Productivity is stagnating, undermined by a model of capitalism that can make big money for its owners and managers without the wealth creation essential for future economic health. The lessons of the meltdown have too often been ignored, with the balance of power – economic and political – even more entrenched in favour of a small, unaccountable and self-serving financial elite.

In response, the left should be building an alliance for a new political economy, with new goals and instruments that provide an alternative to austerity, that tackle the root causes of ever-growing inequality and poverty and strengthen a weakening productive base. Central to this strategy should be the idea of a “sharing economy”, one that disperses capital ownership, power and wealth, and ensures that the fruits of growth are more equally divided. This is not just a matter of fairness, it is an economic imperative. The evidence is clear: allowing the fruits of growth to be colonised by the few has weakened growth and made the economy much more prone to crisis.

To deliver a new sharing political economy, major shifts in direction are needed. First, with measures that tackle, directly, the over-dominance of private capital. This could best be achieved by the creation of one or more social wealth funds, collectively held financial funds, created from the pooling of existing resources and fully owned by the public. Such funds are a potentially powerful new tool in the progressive policy armoury and would ensure that a higher proportion of the national wealth is held in common and used for public benefit and not for the interests of the few.

Britain’s first social wealth fund should be created by pooling all publicly owned assets,  including land and property , estimated to be worth some £1.2 trillion, into a single ring-fenced fund to form a giant pool of commonly held wealth. This move - offering a compromise between nationalisation and privatization - would bring an end to today’s politically expedient sell-off of public assets, preserve what remains of the family silver and ensure that the revenue from the better management of such assets is used to boost essential economic and social investment.

A new book, A Sharing Economy, shows how such funds could reduce inequality, tackle austerity and, by strengthening the public asset base, rebalance the public finances.

Secondly, we need a new fail safe system of social security with a guaranteed income floor in an age of deepening economic and job insecurity. A universal basic income, a guaranteed weekly, unconditional income for all as a right of citizenship, would replace much of the existing and increasingly means-tested, punitive and authoritarian model of income support. . By restoring universality as a core principle, such a scheme would offer much greater security in what is set to become an increasingly fragile labour market. A basic income, buttressed by a social wealth fund, would be key instruments for ensuring that the potential productivity gains from the gathering automation revolution, with machines displacing jobs, are shared by all.  

Thirdly, a new political economy needs a radical shift in wider economic management. The mix of monetary expansion and fiscal contraction has proved a blunderbuss strategy that has missed its target while benefitting the rich and affluent at the expense of the poor. By failing to tackle the central problem  – a gaping deficit of demand (one inflamed by the long wage squeeze and sliding investment)  - the strategy has slowed recovery.  The mass printing of money (quantitative easing) may have helped prevent a second great depression, but has also  created new and unsustainable asset bubbles, while austerity has added to the drag on the economy. Meanwhile, record low interest rates have failed to boost private investment and productivity, but by hiking house prices, have handed a great bonanza to home owners at the expense of renters.

Building economic resilience will require a more central role for the state in boosting and steering investment programmes, in part through the creation of a state investment bank (which could be partially financed from the proposed new social wealth fund) aimed at steering more resources into the wealth creating activities private capital has failed to fund.

With too much private credit used for financial speculation and property, and too little to small companies and infrastructure, government needs to play a much more direct role in creating credit, while restricting the almost total freedom currently handed to private banks.  Tackling the next downturn, widely predicted to land within the next 2-3 years, will need a very different approach, including a more active fiscal policy. To ensure a speedier recovery from recessions, future rounds of quantitative easing should, within clear constraints, boost the economy directly by financing public investment programmes and cash handouts (‘helicopter money’).  Such a police mix – on investment, credit and stimulus - would be more effective in boosting the real economic base, and would be much less pro-rich and anti-poor in its consequences.

These core changes would greatly reform the existing Anglo-Saxon model of capitalism and provide the foundations for building support for a new direction for progressive politics. They would pioneer new tools for building a fairer, more dynamic and more stable economy. They could draw on experience elsewhere such as the Alaskan annual citizen’s dividend (financed by a sovereign wealth fund) and the pilot basic income schemes launching in the Netherlands, Finland and France.  Even mainstream economists, including Adair Turner, former chairman of the Financial Services Authority, are now talking up the principle of ‘helicopter money’. For these reasons, parts of the package are likely to prove publicly popular and command support across the political divide. Together they would contribute to a more stable economy, less inequality, and a more even balance of power and opportunity.

 

Stewart Lansley is the author of A Sharing Economy, published in March by Policy Press and of Breadline Britain, The Rise of Mass Impoverishment (with Joanna Mack).