Cyber crime is racing ahead, and we need to keep up

Education and investment is critical in protecting companies from cyber attacks

'Petya' cyber attack hits firms across the world

Thirty years have passed since I attended my first International Symposium on Economic Crime at Jesus College, Cambridge.

Then, some 40 of us met in a room over the college bar. Those present were mostly prosecutors and enforcement officials drawn from all over the world by Dr Barry Rider, Cambridge law don and expert in the pursuit of white collar crime.

I was allowed to go because Barry had lectured me in law, subsequently helped me in my work, and became a friend.

This year’s Symposium, held from 2 – 9 September, attracted more than 1,500 delegates, and was based in giant marquees spread over Jesus’ lawns. Accommodation was provided in not one, but two colleges.

The event is still hosted by Barry, now a professor, and the audience continues to come from a cadre of lawyers, regulators, investigators (public and private) and academics who devote their working lives to arresting and obstructing fraudsters. There is nothing like it anywhere else.

A keynote speaker this year was the new boss of the UK’s Serious Fraud Office, Lisa Osofsky. The former FBI lawyer used her first speech in her new role to warn fraudsters hoping to take advantage of the computer failures of banks, explaining that she will make the UK an “inhospitable” place for them to conduct any crime.

She declared that an occurrence like this year's IT meltdown at TSB, which saw many customers exposed to potential fraud, should not happen under her watch.

“As head of a crime fighting agency, I am committed to making our country an inhospitable place for criminals like these,” she said. “My goal is to make sure our country is a high-risk place for the world’s most sophisticated criminals to operate.”

Quite what those dangers are, were spelled out in dramatic fashion by a senior UK cyber expert. I can’t say who he was because he asked not to be named. But he’s a leading figure in the battle to combat the fast-growing threat.

Listening to him, I was reminded just how much economic crime has changed since I sat in the same college at the same conference all those years ago. Back then we were concerned with pieces of paper baring faking signatures and documents; false accounting involving detailed sets of figures; setting up bogus companies, often hiding behind real brass plates and doors; counterfeiting coins and notes, and goods. Computers for everyday use were in their infancy, and the internet as well as email had not even been conceived.

Those crimes survive, but they seem distinctly crude and old-fashioned, compared with today’s remote, at-a-distance, instantaneous scams.

Like the Symposium itself, the criminals have exploded in number, grown in sophistication, become truly international, and, by and large, anonymous. Consider what the expert said: every day, 145 billion emails are sent around the world; of those, one in 131 are trying to seed malware or ransomware or some form of data theft; 65 per cent are engaged in spamming.

The speed at which an attack can take place and an account, or accounts, can be drained, is truly frightening. Shipping giant Maersk lost $300m (£232m) in no time at all, in a NotPetya malware assault.

And, for the criminal sitting at a faraway keyboard, the risk of getting caught versus other crimes, is negligible. In the US, said the UK official, one in five armed robbers are caught and end up in jail. In the cyber world, the rate for being identified is a mere one in 50.

Another shift from 30-odd years ago is the nature of the assailant. It may be an individual working alone or a gang or just as likely, a terrorist group or a rogue state seeking to spread economic chaos among their enemies. Tracking and defeating hackers who can shelter behind the protection of a country, with all its state-of-the-art apparatus, is doubly difficult.

What’s to be done? Educate, invest, back-up, act quickly. Education-wise, the more levels of protection we adopt, the safer we are. Similarly, the more aware we are, the more cautious we will be. In a nutshell, if something seems suspicious, is unexpected and out of the ordinary, then it probably is. Avoid opening, at all costs.

Spend money on the very latest IT security software and hardware, on IT staff who know what they are doing and are completely up to speed.

And back up. If data is backed up, being held to ransom until it is returned ceases to have meaning.

Be prepared to move ferociously quickly. In Maersk’s case, once their systems were breached, they acted with breathless speed. In just 10 days they reinstalled 4,000 new servers, 45,000 new PCs, and 2,500 applications - or, as the company’s boss described it, “a complete infrastructure”.

It’s not just the bad guys who are availing themselves of the very latest digital weaponry. In her speech, Osofsky stressed how she wants to use technology to help crack cases.

“With the new eDiscovery platform we’re starting to use across all of our new cases, we’ll soon bring a range of machine-learning and AI-based technology assisted review features to our investigations,” she said.

What will the next 30 years bring? It’s impossible to tell. But the message from Jesus College this past week was clear: standing still and doing nothing is not an option.

Chris Blackhurst is a former editor of The Independent, and director of C|T|F Partners, the campaigns and strategic communications advisory firm.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in