Cybercrime: Law Enforcement Must Get Serious

Uploaded on 2018-06-05 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

When someone breaks into your home, you don’t hesitate to call the police and report the crime. But, when someone plants a virus on your computer, do you still call the police? How do you even determine what was stolen?

Major cyber-attacks and crimes like the Equifax and Sony breaches receive a ton of news coverage and spawn extensive investigations by law enforcement. But what about the small businesses and individuals who have crimes committed against them? What do they do, and who investigates those crimes?

We need to ensure the public understands that a crime is crime, whether the bad actor is throwing a brick or wielding a keypad.

In today’s environment, we treat cybercrime differently than traditional crimes. Police departments don’t have adequate training or resources to deal with a robbery where the perpetrator could be anywhere and the evidence is lost in echoes of ones and zeros. 

If you call the police to tell them your PC has a virus and you can’t get access your files, they would likely tell you to take it back to the store and wonder why you called 911. But if someone broke into your home filing cabinet and stole your financial information, there would be an investigation.

Cyber criminals realise that most crimes will get little engagement from law enforcement, if they are reported at all, unless the event reaches large global companies or governments. As a result, cyber-crime remains a lucrative enterprise. According to Juniper Research, the global cost of cyber-crime will reach $2 trillion by 2019. That marks a threefold increase from a $500 billion estimate in 2015.

“There are so many cases that federal agencies skim off the high-loss cases, leaving local agencies with smaller things like forged tickets to sports or music events, losses of less than $1,000, or other relatively small scams,” Los Angeles County Sheriff’s Department Chief Bill McSweeney said in a 2014 report by the Police Executive Research Forum. 

“The volume of these cases would be way too much for federal agencies to handle. We need to either decide that we’re going to empower and properly equip local police to take on these crimes, or decide that we’re going to ignore them, which, for the most part, is what we’re doing now.”

Here are a few ideas on ways to make our criminal justice priorities keep up with our technological changes.

Engaging Law Enforcement
We must develop a system of tools to help people more easily report cyber-crimes and, importantly, share evidence in a trustworthy manner with law enforcement. While the FBI’s Internet Crime Complaint Center(IC3) currently collects complaints, we must take this system a few steps further. 

This system should be automated; help victims understand what has happened to them; direct them to assistance; and facilitate the sharing of criminal activity and their indicators across government agencies and law enforcement.
Increasing Resources

We cannot wait for cyber-crimes to shut down a Fortune 500 company or cause a failure in the electrical power grid or lock up critical medical equipment in a hospital. To combat this threat effectively, we need to look to the “broken windows” theory. 
This criminology theory from the 1980s recommends that law enforcement pay attention to small incidents like vandalism in order to eliminate the trend before larger crimes are committed.

It is similar with cyber-crime, but even more impactful. By tracking smaller incidents and bringing the perpetrators to justice, we will not only discourage people from committing the lesser cyber-crimes, but, critically, we will also disrupt the infrastructure used by criminals to stage more significant attacks. To accomplish this, our law enforcement needs new resources and support. As a society, we have prioritised parking violations and invested in meter monitors and the infrastructure to enforce behaviors. We need to create cyber units and ensure that those officers have access to the tools needed to fight crime online. 

Fighting cyber-crime has to be a partnership between government and the private sector. This partnership will help law enforcement scale with the rising tide of cyber-crime and use the latest technologies possible to get control of this epidemic.
There are now emerging experiments in public-private partnerships that facilitate not just the sharing of information but collaboration in identifying vulnerabilities, threats, and adversarial activity. The private sector should embrace these partnerships in critical infrastructure sectors.

Digital Safe Zones
As more and more technologies rely on the internet, its size grows and the security requirements involved have to increase with it. It’s time to restructure the Internet to enhance security. We need to apply greater segmentation, creating “slices” of the Internet that serve different functions. Segmentation is about compartmentalising transactions, not people.

Right now when you’re online, it’s your computer against the world. It can be attacked by anyone from anywhere at any time. You can’t be expected to defend yourself against the whole planet. 

We need to start establishing safe zones for different engagements online. Security requirements for financial data differ from the security needed to read news, play videogames, or stream movies. We have to stop pretending like we can protect against every threat and that all security requirements are created equal.

New technologies such as Software Defined Networking could be the root of a solution, allowing us to create the slices that give us safe zones for important transactions, where participants are known and the noise of the Internet is mitigated. 
Cross-Domain Solutions, adapted from military applications, could allow us to more securely interconnect the slices with a higher level of trust and introspection.

The Internet is the greatest invention in modern history. But if we don’t stand-up and protect it, it will continue to become a hunting ground for cyber predators.

Venturebeat:       Image: Nick Youngson

You Might Also Read: 

The Impact Of Cybercrime On UK Business:

UK Police Cybercrime Training:

Dark Web Fraud Undetectable By Police:
 

 

« Playing Catch-Up With GDPR
Digital Shock (£) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CyberSecurityJobsite.com

CyberSecurityJobsite.com

CyberSecurityJobsite.com is a specialist job board designed to attract candidates working within Cyber Security, Information Security or Information Assurance.

National Intelligence Service (NIS) - South Korea

National Intelligence Service (NIS) - South Korea

The NIS oversees policy on cyber security in South Korea by formulating and coordinating the execution of such policy and devising necessary schemes and guidelines.

CyberSec Hub - The Kosciuszko Institute

CyberSec Hub - The Kosciuszko Institute

The goal of CyberSec Hub is to create a centre of excellence for cybersecurity in Krakow, a new European “Cyber-Silicon Valley”.

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst

Rogers Cybersecure Catalyst helps Canadians and Canadian companies seize the opportunities and tackle the challenges of cybersecurity.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

ActiveNav

ActiveNav

ActiveNav provide dark data discovery solutions for compliance and information governance.

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

BOXX Insurance

BOXX Insurance

BOXX Insurance Inc. is a new type of insurance company for a new type of risk. Cyberboxx is the first fully-integrated cybersecurity and insurance solution for small-to-medium-sized businesses.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

SensCy

SensCy

SensCy is a Trusted Guide for Sensible Cybersecurity for small and medium-sized organizations.

FortiGuard Labs

FortiGuard Labs

FortiGuard Labs is the threat intelligence and research organization at Fortinet. Its mission is to provide Fortinet customers with the industry’s best threat intelligence.

CDS

CDS

CDS is a strategic change agency enabling organisations and businesses to create and build better services to meet the evolving needs of customers, employees and citizens.

Somerville

Somerville

Somerville are a full service IT partner with over 40 years experience delivering exceptional service and value to our customers.

FTx Identity

FTx Identity

FTx Identity is the world's most advanced age verification technology (AVT) and identity management system.

Hanwha Systems

Hanwha Systems

Hanwha Systems is a global company based in South Korea providing defense electronics and smart ICT solutions.