16 December 2014
While internet attacks on big-name companies and organisations regularly attract the eye of the world’s media, far less attention is paid to the cyber crimes committed against individuals. Though they might not receive the same amount of news coverage, no one should harbour any ideas that these acts — which range from bank fraud to online child sexual exploitation — are any less serious because they are not targeted against a large number of people.
Equally neglected is the way in which traditional crimes are being committed by criminals using digital technologies.
A PA survey of intelligence analysts from 48 UK law enforcement organisations — including the National Crime Agency, regional crime units and local forces — showed the police in Britain are facing a real challenge in responding effectively to the changing nature of crime.
Less than a third of the analysts, who are in the front line of tackling cyber crime, felt they had the time, skills and tools to do their jobs effectively, and a third have been unable to share operational information because of a lack of suitable policies or IT infrastructure. Their answers highlighted a real need for more training, greater collaboration and better information sharing.
The responses also underscore the fact that many senior police leaders have not yet recognised that cyber crime has a significant effect on their local communities. Only 15 per cent of the analysts questioned think cyber crime is specifically measured within their organisation. Yet the survey shows very clearly that it is a rapidly increasing threat to the public and that its victims expect the same level of support from their local police as they would if they had suffered a burglary or car theft.
This means police forces need to put in place a clear action plan to protect the public. They should start by getting more accurate data on the scale of the problem through a nationally co-ordinated effort to improve the measurement, analysis and recording of cyber crime. Individual police forces then need to review the different roles of people who deal with these crimes and tackle the current overlap and duplication that makes this work inefficient. The next step is to recognise that many analysts working in this area do not have the expertise to deal with particular challenges posed by the accumulation of masses of information by digital systems, so-called “big data”. So there is a real need to create partnerships with companies and academic institutions to recruit and develop expert data scientists to help fight crime.
The perennial problem of information sharing also needs to be dealt with. This has plagued the police and other public sector organisations for years but, as cyber crime does not respect geographical boundaries, effective data sharing is becoming more critical than ever. While the survey showed that there are plenty of proposals being discussed, they now need to be implemented so that all those involved have effective and sustainable systems for sharing large volumes of data across organisational boundaries.
The final step is for the police to find an acceptable balance between intrusive online surveillance and individual privacy. With nearly a quarter of analysts saying that a lack of suitable legislation is affecting current operations, the law clearly needs to be updated so that police can access the digital data they need to catch cyber criminals.
However, they will need to make the case for change and understand that the public and politicians will only support this if they have confidence that any new powers will be used responsibly and effectively.
While these steps are not just about spending more money, they will require some additional resources and we recommend that a portion of the National Cyber Security Programme’s future funding should be allocated to the digital transformation of police intelligence and analytical functions. That should then be backed up by a focus at local, regional and national level on securing the skills, resources and systems to tackle cyber crime effectively. Its victims will expect nothing less.
Nick Newman is a security expert at PA Consulting Group
For a copy of our report, Cybercrime Tipping Point, click here.