Companies Should Tackle Cybercrime & 'take the fight to the criminals'

Firms must “take the fight to the criminals” to prevent a rising tide of cyber-attacks by sophisticated organised crime gangs.

In a joint report, telecoms group BT and consulting firm KPMG called on companies to address the “industrialisation of cybercrime”, warning against the danger of overplaying the more high-profile threat of lone hackers.

The report warns that today’s cybercriminal often works for complex operations akin to businesses, with human resources divisions and budgets for research and development.

Some are so sophisticated that they are able to hijack senior executives’ email accounts and fake correspondence to convince junior company employees to approve transactions. In one such case, the scam led to one company agreeing to pay out $18.5m (£13.9m) to criminals in the Asia-Pacific region, BT and KPMG said, without identifying the company.

Businesses must work with law enforcement against such operations, the report said, and should consider launching their own pre-emptive attacks against cybercrime networks.

Mark Hughes, chief executive of cybercrime at BT, said it was vital that companies “take the fight to the criminals”. “The industry is now in an arms race with professional criminal gangs and state entities with sophisticated tradecraft,” he said.

“The twenty-first century cybercriminal is a ruthless and efficient entrepreneur supported by a highly developed and rapidly evolving black market. Businesses need to not only defend against cyber-attacks but also disrupt the criminal organisations that launch those attacks.”

But Hughes said the industry’s efforts to tackle the problem are being hampered by a lack of graduates with the right skills to work in cyber-defence. BT has identified cybersecurity as a huge potential growth area, with revenues from its cybersecurity division increasing at more than 10% a year.

In April, the telecoms giant announced plans to hire 900 people for its already 2,500-strong security team to cope with growing demand.

The BT-KPMG report found that while 97% of firms have suffered a cyber-attack, only a fifth of technology chiefs at those firms felt well enough equipped to deal with organised cybercrime.

The skills deficit persists despite the importance of cybersecurity to major corporations being underlined by several high-profile security breaches.

Broadband and telecoms provider TalkTalk lost more than 100,000 customers and faced a bill of at least £60m in the wake of a cyber-attack last year that saw thousands of users’ data harvested.

Ashley Madison – a US dating website aimed at people looking for extra-marital affairs – was hit by an attack that saw thousands of users’ dating profiles leaked online.

Guardian

« EU Signs Cyber-Security Agreement With Industry
Pentagon Unprepared to Repel Cyber Attacks »

Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

WEBINAR: How To Build A Detection And Response Strategy For Insider Threats

WEBINAR: How To Build A Detection And Response Strategy For Insider Threats

Thursday, 19 August, 2021 - In this webinar, SANS and AWS Marketplace will overview building a detection and threat hunting workflow, focusing on preventing insider activity.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSIRT Malta

CSIRT Malta

CSIRT Malta supports critical infrastructure organisations in Malta on how to protect their information infrastructure assets and systems from cyber threats and incidents.

DoWebScan

DoWebScan

DoWebScan is an all in one website suite on the internet for all website security related issues.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

InFront Compliance

InFront Compliance

InFront is a next-gen online assessment and reporting platform focused on reducing risk and simplifying compliance.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

M2MD Technologies

M2MD Technologies

M2MD Technologies offers solutions optimized for cellular IoT that provide stronger security, reduced costs, enhanced user experience, and ultimately generates higher returns for stakeholders.

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

Cybersecurity Maturity Model Certification Center of Excellence (CMMC COE)

CMMC COE is an IT-AAC sponsored public–private partnership that will be the focal point for entities seeking to achieve Cybersecurity Maturity Model Certification.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.