Industrialisation of cybercrime poses new security threats
A recent report from BT and KPMG warns of emerging threats from profit-orientated and highly organised cyber criminal enterprises and says businesses must work more closely with law enforcement.
It comes as the latest figures released by the Office for National Statistics in the Crime Survey for England and Wales show that nearly six million fraud and cybercrimes are committed every year, mostly related to bank fraud.
It estimated there were two million computer misuse offences and 3.8 million fraud offences in the 12 months to the end of March 2016.
Fraud prevention service Cifas said the number of victims of identity theft rose by 57 per cent last year (148,000 victims in the UK compared to 94,500 in 2014), with social media sites such as Facebook, Twitter and LinkedIn becoming a hunting ground for identity thieves.
Fraud specialists say the internet is awash in consumer financial and identity data, just waiting to be plucked and cashed out.
Yet the report from BT and KPMG says only a fifth of IT decision-makers in large multinational corporations are confident that their organisation is fully prepared against the threat of cyber criminals. The majority of companies feel constrained by regulation, available resources and a dependence on third parties when responding to attacks, according to the new research.
The report, "Taking the Offensive: Working together to disrupt digital crime", found that while 94 per cent of IT decision-makers were aware that criminal entrepreneurs were blackmailing and bribing employees to gain access to organisations, roughly half (47 per cent) admitted that they did not have a strategy in place to prevent it.
The report also found that 97 per cent of those questioned experienced a cyber-attack, with half reporting an increase in the past two years. At the same time, 91 per cent of respondents believe they face obstacles in defending against digital attack, with many citing regulatory obstacles, and 44 per cent being concerned about the dependence on third parties for aspects of their response.
Paul Taylor, UK head of cyber security at KPMG, said: "It's time to think differently about cyber risk, ditching the talk of hackers and recognising that our businesses are being targeted by ruthless criminal entrepreneurs with business plans and extensive resources intent on fraud, extortion or theft of hard-won intellectual property.
"Talking generically about cyber risk doesn't deliver insight. You need to think about credible attack scenarios and consider how cyber security, fraud control, and business resilience work together to prepare for, and deal with those threats. If that's done, then cyber security can become a mainstream corporate strategy as a vital component of doing business in the digital world."
Mark Hughes, chief executive officer, Security, at BT, said industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft.
"The 21st century cyber criminal is a ruthless and efficient entrepreneur, supported by a highly developed and rapidly evolving black market. With cybercrime continuing to escalate, a new approach to digital risk is needed, and that means putting yourself in the shoes of attackers," he said.
"Businesses need to not only defend against cyber attacks, but also disrupt the criminal organisations that launch those attacks. They should certainly work closer with law enforcement as well as partners in the cyber security marketplace."
The BT/KPMG report said chief digital risk officers are now being appointed to hold strategic roles that combine digital expertise with high-level management skills.
The "Taking the Offensive: Working together to disrupt digital crime" report extensively quotes a number of security directors of well-known global organisations and lists examples of the many forms of criminal attacks encountered, including various types of malware or phishing attacks. It also describes the business models favoured by the criminals and the black market