Interviews

Cyber crime in the millions

by Mark Rowe

Cyber offences are the main crimes facing people, given an estimated 3.8 million fraud and two million computer misuse offences a year, and harassment offences, including revenge porn, according to the latest Crime Survey for England and Wales (CSEW).

Unlike victims of violence, victimisation from fraud was greater in higher income households of £50,000 or more (9.1 per cent) than lower income households of less than £10,000 (5.6 per cent). Individuals in managerial and professional occupations were more likely to be a victim of fraud (8.0 per cent) than individuals in routine or manual occupations (5.3 per cent), full-time students (4.4 per cent) and those who have never worked or are in long term unemployment (3.8 per cent). This is in contrast to violence and burglary where young adults and student households are at greatest risk of being victims.

The large majority of victims of fraud had been a victim only once (84 per cent). Victims received a full reimbursement in 43 per cent of fraud incidents (1.6 million), typically from their financial provider.

Fraud estimates from the CSEW are substantially higher than those suggested by the police recorded figures on fraud. Only around one-fifth of victims of fraud report the incident to either the police or Action Fraud. The Crime Survey for England and Wales (CSEW) is a household survey, and as such, information collected on fraud offences only relate to the resident adults. Fraud against businesses is not covered by the CSEW.

The CSEW data on plastic card fraud over the last decade show that this type of crime has been more prevalent than many traditional crimes, with individuals around six times more likely to be a victim of plastic card fraud than a victim of theft from the person, and around 17 times more likely than robbery.

Police views

At the National Police Chiefs’ Council (NPCC), the lead for cybercrime, Deputy Chief Constable for the East Midlands Peter Goodman said: “Despite long term falls in traditional crime types, there is growing evidence that crime has moved online. Digital and cybercrime is no longer a curiosity or new specialism in policing: it’s what we deal with on a daily basis.

“The priorities for law enforcement are to make the UK a hostile place for cyber-criminals to target or operate, improve the response to victims and develop capabilities in local forces. The NPCC is working closely with the National Crime Agency and College of Policing to develop effective systems and train staff tackle fraud, cyber and digital crime. Transforming our response to these crimes is a challenge but it is a priority for investment in policing. Additional funding through the National Cyber Security Programme has supplied specialist investigators and protect officers at regional level and there’s increasing evidence of forces supporting this with local cyber-capabilities.”

And on the survey findings generally, the NPCC Lead for Crime Recording, Chief Constable Jeff Farrar said: “We have seen an upward trend in knife related offences, which the service is determined to address. Operation Sceptre is one example of forces coming together to share good practice, educate and tackle the supply of illegal weapons. A key element of Operation Sceptre has also been for police forces to carry out enforcement activity including targeting habitual knife carriers and those shops who are willing to sell to those who are underage. These operations will continue throughout the rest of the year.”

Comments

Paul Taylor, UK head of cyber security at the audit firm KPMG calls the cybercrime and fraud statistics in the latest ONS crime survey deeply concerning, but not surprising. “More than half of the 3.8 million incidents of fraud against the individual are cyber related, with a further two million incidents of computer misuse, hacking and viruses. It’s clear that crime is becoming cyber enabled as our world becomes digital. Greater transparency around the scale of this problem is vital, helping set the national priorities for law enforcement resources, and underlining the need for industry and government to work together to combat this growing menace.”

Peter Martin, MD at cybersecurity company RelianceACSN, says: “The rate that ONS has said cybercrime in the UK is growing is startling, and it’s a clear sign that the security industry isn’t working. The inclusion of cybercrime in this report means that it’s finally being classed as a real crime with real victims. Our business community and government need to start working differently to prevent it. The current security systems that many organisations use to hold people’s data, like retailers and banks, just aren’t being deployed and managed in the right way. It’s about using the right technology and process which includes proper alerting and alarming of course but also actively hunting for cybercrime. Until it is we’re always going to be fighting an uphill battle.”

Robert Capps, VP at NuData Security, a behavioural biometrics company, said: “What’s very apparent is that card fraud is thriving and it confirms trends that we continue to see. It’s no news that fraud is easy cheap and lucrative. The low barrier to entry (just a simple consumer laptop and an internet connection is all that’s required), the “cool” factor, the low prosecution rate, the potential impact of your actions…it all plays into the ego, drive and motivation of these attackers. Imagine the temptation if you’re of that ethically challenged mindset. The Internet is awash in consumer financial and identity data, just waiting to be plucked and cashed out. It’s like walking through an apple orchard, and picking the ripest, reddest apples, free and with very little opposition.

“The latest hack, Omni Hotel, being just the latest in a long string of breaches — each one of which pays further dividends down the road in account takeover, new account fraud and identity theft. Like the gift that keeps on giving, data continues to be available, and the thieves keep cashing in. The Increasing volume of attacks globally can also be attributed to more fraudsters willing to commit the crime, more data available on the black market, and more Financial Institutions and Merchants that are vulnerable to attacks. Plus, as more countries fully adopt EMV, we’ll see fraud continue its migratory path to all available online channels.

“We have to remember; fraudsters know us better than we do in that they’ve pegged our vulnerabilities. It’s time we returned the favour. They are vulnerable because they must do very similar behaviours to be successful, and guess what? We can find them by their tell-tale signals. To detect out of character and potentially fraudulent transactions before they can create a financial nightmare for consumers, we must adopt new authentication methods that they can’t deceive. Solutions based on consumer behavior and interactional signals are leading the way to providing more safety for consumers, and less fraud in the marketplace.”

Robert Norris, Director of Enterprise & Cyber Security in UK and Ireland at Fujitsu, said: “The IT security space welcomes this news that the ONS will be including online crime moving forward, even if in the short term it means a steep increase. Daily there are news headlines reporting on the wealth of organisations that have fallen victim to a cyber-attack, something made worse by the fact that only 44pc of companies have basic security processes in place.

“According to the ONS, cybercrime now makes up 40pc of all recorded criminal incident, a statistic that once again highlights how important the battle against cybercrime has become. Through the inclusion of online crime in ONS crime reports, this further supports the requirement for all organisations to realise the severity and seriousness of cybercrime and the need for all to take up arms to fight it. Organisations need to put security at the top of the boardroom agenda to implement the right technology to protect themselves and their employees. The technical capabilities of cyber-criminals continue to outpace the UK’s ability to deal with cyber threats. If we are to counter this, we must collaborate, to share intelligence and counter the threats. If we don’t, we will never succeed in getting ahead and the ONS figure will continue to rise.”

And Stephen Love, the Security Practice Lead – EMEA at Insight, said: “The latest figures from the Office of National Statistics crime report have revealed that in the past year one-tenth of people in England and Wales have been a victim of cyber-crime. Unfortunately, this does not come as a surprise. It does, however, highlight the need for greater awareness around how to defend against cyber-crime. For businesses, it is imperative that they put an emphasis on cyber-security due to the inevitability of malicious hacks. To address this issue, we need to increase understanding and collaboration between organisations to make it easier for them to protect their business from the threat of online attacks.

“It is important to highlight that internal activity and human error, such as opening SPAM emails or using non-secure devices, is often the reason behind cyber-attacks. Emphasising the value of data to employees is key, as sensitive details can be accessed and bought on the dark web long after a cyber-attack occurs. Ultimately, with cyber-attacks becoming more frequent, organisations must view them as a major crime and implement the necessary steps to defend against it.”

Related News

  • Interviews

    Avoiding ad fraud

    by Mark Rowe

    When Google AdWords was launched in October 2000, it’s safe to say that it changed online marketing forever. Now years later it…

  • Interviews

    Malware evolution

    by Mark Rowe

    We ought to understand the evolution of malware, to tackle it, writes Darrel Rendell, UK Intelligence Analyst at anti-phishing product company Cofense.…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing