Cybercrime: Under-Reporting Gives Hackers A Green Light

Uploaded on 2018-06-13 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Organisations which don't report that they've been the victim of cybercrime are putting others at risk of further attacks and are hampering the authorities' ability to fight against hackers, the UK's serious and organised crime unit has warned.

The National Crime Agency has issued the warning to businesses as part of its National Strategic Assessment of Serious and Organised Crime 2018.

"Under-reporting of data breaches continues to erode our ability to make robust assessment of the scale and cost of network intrusions," said the report, adding "many companies are not disclosing data breaches, putting victims at risk".

According to figures cited by the NCA, only 38 percent of people have confidence that law enforcement can properly respondent to 'cyber-dependent' crime, with the implication that this is partly why victims fail to report they've been hit. Even when cybercrime is reported, the police may find themselves unable to convict the perpetrators, because "those that do report may on occasion not be prepared to support prosecution, hampering the ability of law enforcement to act".

The National Strategic Assessment of Serious and Organised crime suggests that the lack of successful cybercrime reporting means that cyber attackers believe that there's no consequences of their actions.

This perception is also driven along by the courts often handing out lenient sentences to those convicted of hacking, the NCA suggests, although no specific examples of this are provided. 

"Whilst courts acknowledge the seriousness of the crimes committed, the level of sentence passed does not necessarily reflect this seriousness, and can appear low," said the report.

According to the report, cyber criminal schemes at all levels continue to pose a threat to the UK, and while many of these groups are operating outside of UK borders, home-grown cyber criminals must not be underestimated.

"The threat from UK domestic cyber criminals continues to mature, and these domestic actors are capable of damaging attacks," the report warns.

Almost all forms of cybercrime are on the rise, but one the National Crime Agency points to as particularly dangerous for UK businesses is the rise of business email compromise attacks and CEO fraud. While these attacks take additional time and resources for hackers to successfully carry out, they can be lucrative. Indeed, the FBI has stated that these scams cost global businesses billions.

The sheer number of large data breaches is also fuelling an increase in fraud and phishing, as criminals are able to get their hands on sensitive data to help carry out attacks.

The NCA notes that with the introduction of GDPR, in theory, organisations will have to report all data breaches "eventually leading to a reduction" as organisations are forced to take additional responsibilities in order to protect against cyber-attacks.
However, the report notes that despite GDPR comes into force, awareness of the legislation is "limited", especially amongst small and medium sized businesses.

But there's one thing the NCA points to as a certainty - that cyber criminals and crime groups will continue to target the UK.

"The increasing sophistication of crime groups, coupled with the changing nature of their geographical reach, demonstrates more than ever the requirement for an increasingly co-ordinated response," said NCA Director General Lynne Owens

"Working alongside our law enforcement, intelligence and other partners, we are changing the way we operate to ensure the biggest possible impact. We will use this intelligence assessment to build on our operational successes and evidence why further investment in capabilities and capacity is necessary."

ZDNet

You Might Also Read:

Cybercrime: Law Enforcement Must Get Serious:

Cybercrime: £130bn Stolen From Consumers In 2017:

 

« Google Workers Are Revolting
America Can Learn About Russian Disinformation From Europe »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Lynx Technology Partners

Lynx Technology Partners

Lynx Technology Partners is a full service, full life-cycle risk-based security consulting firm.

Nok Nok Labs

Nok Nok Labs

Nok Nok is a market leader in next generation authentication for cloud, mobile and IoT applications.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

ComCERT

ComCERT

ComCERT SA is an independent, private consulting company focusing in the assistance of its customers facing the dangers of cyber threats and security incidents.

AVeS Cyber Security

AVeS Cyber Security

AVeS combines expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions.

SQN Banking Systems

SQN Banking Systems

SQN Banking Systems fraud detection software products are a critical step towards overcoming the growing problem of fraud across the various payment channels.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Aujus Cybersecurity

Aujus Cybersecurity

Aujas is a pure-play cyber security services company with deep expertise in Identity and Access Management, Managed Security and Security Testing services.

FireCompass

FireCompass

FireCompass SAAS platform helps CISOs & Security Teams in continuous risk assessment by mapping your attack surface and knowing the “unknown unknowns”.

Humming Heads

Humming Heads

Humming Heads offers a complete solution to fight the advanced threats that target a company's endpoints and servers.

CliftonLarsonAllen (CLA)

CliftonLarsonAllen (CLA)

CLA exists to create opportunities for our clients through industry-focused advisory, outsourcing, audit, tax, and consulting services.

SubCom

SubCom

How Much Do You Trust Your Endpoint? With our ‘Habituation Neural Fabric’ based endpoint security platform, you can observe and manage the Trust Score of your endpoints in real-time.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.