In The UK Cybercrime Has Overtaken Traditional Crime

In a notable sign of the times, cybercrime has now surpassed all other forms of crime in the United Kingdom, the nation’s National Crime Agency (NCA) warned in a new report. 

It remains unclear how closely the rest of the world tracks the UK’s experience, but the report reminds readers that the problem is likely far worse than the numbers suggest, noting that cybercrime is vastly under-reported by victims.

The NCA’s Cyber Crime Assessment 2016, released July 7, 2016, highlights the need for stronger law enforcement and business partnership to fight cybercrime. According to the NCA, cybercrime emerged as the largest proportion of total crime in the UK, with “cyber enabled fraud” making up 36 percent of all crime reported, and “computer misuse” accounting for 17 percent.

One explanation for the growth of cybercrime reports in the UK may be that the Brits are getting better at tracking it. The report notes that the UK Office of National Statistics only began including cybercrime for the first time last year in its annual Crime Survey for England and Wales.

“The ONS estimated that there were 2.46 million cyber incidents and 2.11 million victims of cyber-crime in the UK in 2015,” the report’s authors wrote. “These figures highlight the clear shortfall in established reporting, with only 16,349 cyber-dependent and approximately 700,000 cyber-enabled incidents reported to Action Fraud over the same period.”

The report also focuses on the increasing sophistication of organized cybercrime gangs that develop and deploy targeted, complex malicious software — such as Dridex and Dyre, which are aimed at emptying consumer and business bank accounts in the UK and elsewhere.

Avivah Litan, a fraud analyst with Gartner Inc., said cyber fraudsters in the UK bring their best game when targeting UK banks, which generally require far more stringent customer-facing security measures than US banks — including smart cards and one-time tokens.

“I’m definitely hearing more about advanced attacks on UK banks than in the US,” Litan said, adding that the anti-fraud measures put in place by UK banks have forced cybercriminals to focus more on social engineering UK retail and commercial banking customers.

Litan said if organized cybercrime gangs prefer to pick on UK banks, businesses and consumers, it may have more to do with convenience for the fraudsters than anything else. After all, she said, London is just two time zones behind Moscow, whereas the closest time zone in the US is 7 hours behind.

 “In most cases, the UK banks are pretty close to the fraudster’s own time zone, it’s a language the criminals can speak, and they’ve studied the banks’ systems up close and know how to get around security controls,” Litan said. “Just because you have more fraud controls doesn’t mean the fraudsters can’t beat them, it just forces the [crooks] to stay on top of their game. Why would you want to stay up all night doing online fraud against banks in the U.S. when you’d rather be out drinking with your buddies?”

The report observes that “despite the growth in scale and complexity of cyber-crime and intensifying attacks, visible damage and losses have not (yet) been large enough to impact long term on shareholder value. The UK has yet to experience a cyber-attack on business as damaging and publicly visible as the attack on the Target US retail chain.”

Although it would likely be difficult for a large, multinational European company to hide a breach similar in scope to that of the 2013 breach at Target, European nations generally have not had to adhere to the same data breach disclosure laws that are currently on the books in nearly every US state — laws which prompt multiple US companies each week to publicly acknowledge when they’ve suffered data breaches.

However, under the new European Union General Data Protection Regulation, companies that do business in Europe or with European customers will need to disclose “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”

It may be some time yet before UK and European businesses start coming forward about data breaches: For better or worse, the GDPR requirements don’t go into full effect for two more years.

KrebsOnSecurity

 

« Artificial Brains to Protect Against Cyberattacks
Cyberwar Against Islamic State Is Struggling »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ITrust

ITrust

French cybersecurity pure player since 2007. ITrust offers its Cyber expertise services and develops disruptive products in Cyber/Artificial Intelligence.

RSA Insurance Group

RSA Insurance Group

RSA is one of the world’s leading multinational quoted insurance groups. Commercial services include cyber risk insurance.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

National Authority for Electronic Certification and Cyber Security (AKCESK)

National Authority for Electronic Certification and Cyber Security (AKCESK)

AKCESK ensures security for trusted services, in particular reliability and security in electronic transactions between citizens, businesses and public authorities.

Jobsora

Jobsora

Jobsora is an innovative job search platform in the UK and more than 35 other countries around the world. Sectors covered include IT and cybersecurity.

GlobalPass

GlobalPass

Covering 200+ countries with 78 000 databases, GlobalPass provides sophisticated facial biometrics verification and deep screening, delivering peace of mind to every client.

DigiByte (DGB)

DigiByte (DGB)

DigiByte (DGB) is a rapidly growing global blockchain with a focus on cybersecurity for digital payments & decentralized applications.

SECURITI.ai

SECURITI.ai

SECURITI.ai's PrivacyOps platform is a full-stack solution that operationalizes and simplifies privacy compliance using robotic automation and a natural language interface.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

InfoSec Conferences

InfoSec Conferences

InfoSec Conferences is an online directory of infosec conferences. We list every single Information Security conference, event and seminar within every niche in Cybersecurity.

Visible Statement

Visible Statement

Visible Statement is a computer-based delivery system designed to insure the retention and recall of your most important security training messages.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Kontex

Kontex

Kontex is a Cyber Security consultancy creating resilient solutions. From Strategy, Advisory and Implementation to Management and everything in between.

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Tentacle

Tentacle

Tentacle has developed a configurable data management tool that helps organizations to improve their information security programs and overall security posture.