Cybercrime: Under-Reporting Gives Hackers A Green Light

Organisations which don't report that they've been the victim of cybercrime are putting others at risk of further attacks and are hampering the authorities' ability to fight against hackers, the UK's serious and organised crime unit has warned.

The National Crime Agency has issued the warning to businesses as part of its National Strategic Assessment of Serious and Organised Crime 2018.

"Under-reporting of data breaches continues to erode our ability to make robust assessment of the scale and cost of network intrusions," said the report, adding "many companies are not disclosing data breaches, putting victims at risk".

According to figures cited by the NCA, only 38 percent of people have confidence that law enforcement can properly respond to 'cyber-dependent' crime, with the implication that this is partly why victims fail to report they've been hit. Even when cybercrime is reported, the police may find themselves unable to convict the perpetrators, because "those that do report may on occasion not be prepared to support prosecution, hampering the ability of law enforcement to act".

The National Strategic Assessment of Serious and Organised Crime suggests that the lack of successful cybercrime reporting means that cyber attackers believe that there are no consequences for their actions.

This perception is also driven along by the courts often handing out lenient sentences to those convicted of hacking, the NCA suggests, although no specific examples of this are provided. 

"Whilst courts acknowledge the seriousness of the crimes committed, the level of sentence passed does not necessarily reflect this seriousness, and can appear low," said the report.

According to the report, cyber criminal schemes at all levels continue to pose a threat to the UK, and while many of these groups are operating outside of UK borders, home-grown cyber criminals must not be underestimated.

"The threat from UK domestic cyber criminals continues to mature, and these domestic actors are capable of damaging attacks," the report warns.

Almost all forms of cybercrime are on the rise, but one the National Crime Agency points to as particularly dangerous for UK businesses is the rise of business email compromise attacks and CEO fraud. While these attacks take additional time and resources for hackers to successfully carry out, they can be lucrative. Indeed, the FBI has stated that these scams cost global businesses billions.

The sheer number of large data breaches is also fuelling an increase in fraud and phishing, as criminals are able to get their hands on sensitive data to help carry out attacks.

The NCA notes that with the introduction of GDPR, in theory, organisations will have to report all data breaches "eventually leading to a reduction" as organisations are forced to take additional responsibilities in order to protect against cyber-attacks.
However, the report notes that despite GDPR coming into force, awareness of the legislation is "limited", especially amongst small and medium sized businesses.

But there's one thing the NCA points to as a certainty - that cyber criminals and crime groups will continue to target the UK.

"The increasing sophistication of crime groups, coupled with the changing nature of their geographical reach, demonstrates more than ever the requirement for an increasingly co-ordinated response," said NCA Director General Lynne Owens.

"Working alongside our law enforcement, intelligence and other partners, we are changing the way we operate to ensure the biggest possible impact. We will use this intelligence assessment to build on our operational successes and evidence why further investment in capabilities and capacity is necessary."

ZDNet
