Cybercrime: Under-Reporting Gives Hackers A Green Light

Organisations which don't report that they've been the victim of cybercrime are putting others at risk of further attacks and are hampering the authorities' ability to fight against hackers, the UK's serious and organised crime unit has warned.

The National Crime Agency has issued the warning to businesses as part of its National Strategic Assessment of Serious and Organised Crime 2018.

"Under-reporting of data breaches continues to erode our ability to make robust assessment of the scale and cost of network intrusions," said the report, adding "many companies are not disclosing data breaches, putting victims at risk".

According to figures cited by the NCA, only 38 percent of people have confidence that law enforcement can properly respondent to 'cyber-dependent' crime, with the implication that this is partly why victims fail to report they've been hit. Even when cybercrime is reported, the police may find themselves unable to convict the perpetrators, because "those that do report may on occasion not be prepared to support prosecution, hampering the ability of law enforcement to act".

The National Strategic Assessment of Serious and Organised crime suggests that the lack of successful cybercrime reporting means that cyber attackers believe that there's no consequences of their actions.

This perception is also driven along by the courts often handing out lenient sentences to those convicted of hacking, the NCA suggests, although no specific examples of this are provided. 

"Whilst courts acknowledge the seriousness of the crimes committed, the level of sentence passed does not necessarily reflect this seriousness, and can appear low," said the report.

According to the report, cyber criminal schemes at all levels continue to pose a threat to the UK, and while many of these groups are operating outside of UK borders, home-grown cyber criminals must not be underestimated.

"The threat from UK domestic cyber criminals continues to mature, and these domestic actors are capable of damaging attacks," the report warns.

Almost all forms of cybercrime are on the rise, but one the National Crime Agency points to as particularly dangerous for UK businesses is the rise of business email compromise attacks and CEO fraud. While these attacks take additional time and resources for hackers to successfully carry out, they can be lucrative. Indeed, the FBI has stated that these scams cost global businesses billions.

The sheer number of large data breaches is also fuelling an increase in fraud and phishing, as criminals are able to get their hands on sensitive data to help carry out attacks.

The NCA notes that with the introduction of GDPR, in theory, organisations will have to report all data breaches "eventually leading to a reduction" as organisations are forced to take additional responsibilities in order to protect against cyber-attacks.
However, the report notes that despite GDPR comes into force, awareness of the legislation is "limited", especially amongst small and medium sized businesses.

But there's one thing the NCA points to as a certainty - that cyber criminals and crime groups will continue to target the UK.

"The increasing sophistication of crime groups, coupled with the changing nature of their geographical reach, demonstrates more than ever the requirement for an increasingly co-ordinated response," said NCA Director General Lynne Owens

"Working alongside our law enforcement, intelligence and other partners, we are changing the way we operate to ensure the biggest possible impact. We will use this intelligence assessment to build on our operational successes and evidence why further investment in capabilities and capacity is necessary."

ZDNet

You Might Also Read:

Cybercrime: Law Enforcement Must Get Serious:

Cybercrime: £130bn Stolen From Consumers In 2017:

 

« Google Workers Are Revolting
America Can Learn About Russian Disinformation From Europe »

Directory of Suppliers

Darktrace

Darktrace

Darktrace’s Enterprise Immune System is capable of detecting and responding to emerging cyber-threats, from within the network.

ECSC

ECSC

ECSC, Established in 2000, is an information security consultancy and managed security services provider (MSSP).

Zentek Forensics (ZFL)

Zentek Forensics (ZFL)

Zentek Forensics has been providing digital forensics services to the public and private sector for computers and mobile devices since 2004.

Information Security Research Group - University of South Wales

Information Security Research Group - University of South Wales

The Information Security Research Group has an international reputation in the areas of network security, computer forensics and threat analysis.

Rockwell Automation

Rockwell Automation

Rockwell Automation offer industrial security solutions to protect the integrity and availability of your complex automation solutions.

Siscon

Siscon

Siscon provide consulting and solutions for data and information security in Scandinavia.

Zanasi & Partners

Zanasi & Partners

Zanasi & Partners is a security research and advisory company active in the EU and MENA areas. Services focus on technology solutions.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

Penta Security Systems

Penta Security Systems

Founded on its data encryption technology, Penta Security Systems is a leading provider of web and data security products, solutions and services.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Clearswift

Clearswift

Clearswift is trusted by businesses, governments and defense organizations globally for its Adaptive Cyber Security and Data Loss Prevention solutions.

Viptela

Viptela

Viptela's Software-Defined Wide Area Network (SD-WAN) technology cuts operating costs, increases bandwidth, and significantly improves security and uptime.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.