The National Crime Agency has today published its first Cyber Crime Assessment 2016. Outlining the threat to UK businesses from cyber crime, the NCA reports that the accelerating pace of technology and criminal cyber capability outpaces the UK’s collective response to cyber crime. The agency is calling for stronger collaborative working between government, law enforcement and, crucially, business to reduce vulnerabilities and prevent crime.
The assessment shows that cyber crime activity is growing fast and evolving, with the threats from Distributed Denial of Service (DDoS) and ransomware attacks increasing significantly in 2015. The NCA assesses that the most advanced and serious cyber crime threat to the UK is the direct or indirect result of a few hundred international cyber criminals, who target UK businesses to commit highly profitable, malware-facilitated fraud. Data breaches are the most common cyber crimes committed against businesses and the NCA estimates that cyber crime costs the UK economy billions of pounds per year. Under-reporting continues to obscure the full impact of cyber crime in the UK. This shortfall in reporting hampers the ability of law enforcement to understand the operating methods of cyber criminals and most effectively respond to the threat.
The NCA is urging businesses to view cyber crime not only as a technical issue but as a board-level responsibility, and to make use of the reporting paths available to them, sharing intelligence with law enforcement and each other. The NCA’s National Cyber Crime Unit leads the UK’s response to cyber crime, working with police forces, Regional Organised Crime Units and international law enforcement partners, to share intelligence and identify and disrupt the most significant cyber criminals worldwide.
Jamie Saunders, Director NCA National Cyber Crime Unit, said: “This is the first time the NCA has released a joint assessment with industry on cyber crime, and it is a good example of the collaborative approach between business, law enforcement and government that we need to cultivate and strengthen if we are to succeed. I hope that senior members of UK business, and not only those involved in the protection of their IT systems, take note of its contents and think seriously about ways that they can improve their defences and help law enforcement in the fight against cyber crime.”
For the 16-page report, visit http://www.nationalcrimeagency.gov.uk/publications/709-cyber-crime-assessment-2016/file.
Troy Gill, Manager of Security Research at AppRiver said: “There are two main reasons why companies don’t report data breaches: they’re either ignorant of the breach or fearful it will cost them customers, drastically reducing their profits. Adding the threat of a fine or lawsuit in the case that a data breach is unreported, or at least not reported in a timely manner, certainly makes “doing the right thing” less expensive. Companies have proven that they can’t be entrusted to store data properly or implement good security practices on their own, so compliance is needed to ensure that they are at least meeting minimum standards to keep their customers’ information secure.
“Unless we’re talking about the board of a cybersecurity company or compliance agency, remaining secure and compliant is probably one tiny sliver of issues they deal with daily. If most boards knew what was at stake by remaining noncompliant or negligent with their IT security, they would make it a priority. Unfortunately, most don’t realize this until it’s too late.”
Stephen Love, Security Practice Lead – EMEA, Insight, said that in the fight against cybercrime, it’s time we stepped up our game. “Highlighted by the National Crime Agency (NCA) saying the technical capabilities of criminal gangs are outpacing the UK’s ability to deal with their threat, as an industry, we need to now take the fight to the criminals. The NCA also reiterated that the current threat landscape is not just made up of individual hacktivists causing havoc as a hobby, but that cybercriminals targeting the UK include well organised, international groups. While defensive measures like layered security solutions, anti-virus protection and encryption are crucial in protecting a business from attack, too often we are playing catch up. There might be a hole in a system that hackers infiltrate, so it is filled with a patch. Now it is vital we begin to think proactively and stop the hole from appearing in the first place.
“This is where a collaborative approach is needed between businesses and law enforcement agencies. Every organisation, no matter the size, needs to put security at the very top of the boardroom agenda to ensure all measures are taken to prevent a cyber-attack. In addition, if they do fall victim or their systems have foiled an attack, the organisation should report it to a law enforcement agency immediately. While we currently face an uphill battle against criminals operating in a deep and sophisticated dark market, by working together, we stand a fighting chance. Through sharing information across industries, we will soon find ourselves one step ahead in finding cybercriminals and stopping them before they can act.”
And David Kennerley, Director of Threat Research at Webroot, said: “The dark web makes it far too easy for criminals to collaborate, sharing tools and techniques, which means the NCA – and UK businesses – are fighting cybercrime on a global scale. This sophisticated underground cyber criminal community means that anyone with a basic understanding is able to learn quickly and launch an attack on a business; however, the biggest threat still comes from a handful of highly skilled individuals.
“2.46 million reported incidents last year is not surprising – the actual number will almost certainly be higher. While some attacks are very sophisticated and well planned, others work more on a trial and error basis. This means that with very little effort, with the aid of automated systems, criminals can try their luck thousands of times hoping to find the weakest link – whether that be by a software vulnerability or an unfortunate end user clicking on something they shouldn’t have. This of course puts a huge strain on IT departments – limited budgets and resources, with so many possible attack vectors to defend.
“But there’s something to learn from the cyber criminals here – cross-country collaboration and information sharing is essential to succeed. There are many organisations that work with businesses to promote information sharing, such as CiSP, but we need to be much faster. Threat intelligence needs to be shared almost instantly, instead of over the course of days and weeks. To keep up with the high volume of new threats facing businesses, real-time updates to software are imperative. Only by using smart threat intelligence will organisations receive the collective intelligence based detection, protection and alerting systems needed to combat the ever-more professional cyber criminals of today.”
David Emm, Principal Security Researcher at Kaspersky Lab, said: “The National Crime Agency’s new research confirms what we have understood for some time – that cybercriminals are becoming more resourceful and efficient in attacking corporate and government systems. From our own work, the types of targeted attacks we’ve uncovered demonstrate that cyber-gangs have access to a large pool of skill and resource, and this is continuing to grow on a daily basis. We now live in a connected world, so there are plenty of opportunities to steal sensitive information, which has effectively become a commodity. This underground market provides access to the skills and resources needed to carry out such attacks, as well as to various kinds of stolen data.
“The NCA’s findings are a warning to all organisations that it is simply no longer enough to protect the perimeter of a corporate network. The business environment has changed significantly in recent years; mobile working has created more fluid business systems and companies need to develop an in-depth defence strategy, including how to minimise the impact of a breach – rather than simply relying on blocking threats at the perimeter. It’s also vital that businesses develop processes to restrict the room for manoeuvre of attackers. For example, not providing blanket admin access to all employees and segmenting the network to limit the scope of a breach. I would also stress that as individual consumers we need to be more aware of the cyber-security threats being carried out around us, with more people than ever trying to steal our personal and corporate information. Governments and businesses have an important role to play in raising the security awareness of citizens and employees respectively.”