Online fraud is the most commonly experienced crime in England and Wales and demands an urgent response, a report by Parliament’s independent public spending watchdog has concluded.
While the landscape for tackling online fraud is complex, the Home Office’s response is not proportionate to the threat, according to the National Audit Office. Although the face of crime is changing, the NAO’s report said police forces take different approaches to tackling online fraud, and for some it is simply not a priority. Yet in the year ending December 2016, the Office for National Statistics estimated that there were 1.9 million incidents of cyber-related fraud in England and Wales, representing 16% of all estimated crime incidents. There were a total of 6.1 million fraudulent acts committed in the UK last year, according to the latest Crime Survey for England and Wales.
During the first eight months since its inception, meanwhile, the UK’s National Cyber Security Centre recorded 480 major cyber incidents requiring its attention.
The UK is clearly seeing an acceleration in major cyber security incidents, according to the cyber security protection agency. Ransomware and phishing attacks have become a significant issue in organisations both large and small, including #WannaCry, #NotPetya and #Mirai. The possibility of major business disruption arising from falling victim to phishing or ransomware is quite high, given that roughly 156 million phishing emails are sent globally every day. The FBI reports that ransomware attacks cost $209 million in just the first three months of 2016, which is more than eight times the total for 2015. At this rate, ransomware is expected to exceed $5 billion in damage costs in 2017 – unless individuals and organisations improve both their defences and security awareness.
UK businesses are targeted more than 500 times each on a daily basis by hackers, who mainly focus their efforts on hijacking connected devices and databases. The majority of cyber-attacks are automated computer scripts that search the web for weaknesses and attack company firewalls, constantly looking for vulnerabilities. Businesses need to keep these vital defences up to date, prioritise security over convenience and ensure employees understand both the evolving threat and their cyber security responsibilities. It’s also increasingly common for cyber-criminals to steal, crack or hack passwords in order to gain access to corporate databases.
Phishing is another area that needs attention. Phishing is, generally speaking, the first stage of so-called advanced persistent attacks, and it’s crucial to note that phishing emails are highly successful where messages are targeted at specific individuals.
This really depicts the global nature of cybercrime; it means no single country or organisation can rely solely on its own capabilities to address the problem of transnational and organised crimes. Network threats change at an accelerated rate.
To stay safe, organisations need fast, intelligent security and cyber countermeasures built around real-time threat detection, automated enforcement and adaptive policies. Government officials, law enforcement officers, private sector operators and cyber service providers all have a role to play in fighting cyber threats and mitigating disruptions caused by the ever-growing number of mass outbreaks.
This is where businesses can benefit from collaborative security: working with a supplier, vendor or service provider that can provide a unified security service which exchanges cyber threat information in real time in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on businesses. Cyber threat intelligence services are designed to help organisations identify the threats most relevant to them and know if any particular attack is generic or targeted specifically at them. Security strategies need to incorporate these new approaches to cope with new challenges presented by emerging technologies. Organisations need to improve their ability to detect and deal with intrusions quickly, as many intrusions are currently discovered weeks and even months later, and often by third parties. A critical lapse in visibility, control or coordination in any part of the distributed network can spell disaster for a digital business.