Cybercrime: Under-Reporting Gives Hackers A Green Light

Uploaded on 2018-06-13 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Organisations which don't report that they've been the victim of cybercrime are putting others at risk of further attacks and are hampering the authorities' ability to fight against hackers, the UK's serious and organised crime unit has warned.

The National Crime Agency has issued the warning to businesses as part of its National Strategic Assessment of Serious and Organised Crime 2018.

"Under-reporting of data breaches continues to erode our ability to make robust assessment of the scale and cost of network intrusions," said the report, adding "many companies are not disclosing data breaches, putting victims at risk".

According to figures cited by the NCA, only 38 percent of people have confidence that law enforcement can properly respondent to 'cyber-dependent' crime, with the implication that this is partly why victims fail to report they've been hit. Even when cybercrime is reported, the police may find themselves unable to convict the perpetrators, because "those that do report may on occasion not be prepared to support prosecution, hampering the ability of law enforcement to act".

The National Strategic Assessment of Serious and Organised crime suggests that the lack of successful cybercrime reporting means that cyber attackers believe that there's no consequences of their actions.

This perception is also driven along by the courts often handing out lenient sentences to those convicted of hacking, the NCA suggests, although no specific examples of this are provided. 

"Whilst courts acknowledge the seriousness of the crimes committed, the level of sentence passed does not necessarily reflect this seriousness, and can appear low," said the report.

According to the report, cyber criminal schemes at all levels continue to pose a threat to the UK, and while many of these groups are operating outside of UK borders, home-grown cyber criminals must not be underestimated.

"The threat from UK domestic cyber criminals continues to mature, and these domestic actors are capable of damaging attacks," the report warns.

Almost all forms of cybercrime are on the rise, but one the National Crime Agency points to as particularly dangerous for UK businesses is the rise of business email compromise attacks and CEO fraud. While these attacks take additional time and resources for hackers to successfully carry out, they can be lucrative. Indeed, the FBI has stated that these scams cost global businesses billions.

The sheer number of large data breaches is also fuelling an increase in fraud and phishing, as criminals are able to get their hands on sensitive data to help carry out attacks.

The NCA notes that with the introduction of GDPR, in theory, organisations will have to report all data breaches "eventually leading to a reduction" as organisations are forced to take additional responsibilities in order to protect against cyber-attacks.
However, the report notes that despite GDPR comes into force, awareness of the legislation is "limited", especially amongst small and medium sized businesses.

But there's one thing the NCA points to as a certainty - that cyber criminals and crime groups will continue to target the UK.

"The increasing sophistication of crime groups, coupled with the changing nature of their geographical reach, demonstrates more than ever the requirement for an increasingly co-ordinated response," said NCA Director General Lynne Owens

"Working alongside our law enforcement, intelligence and other partners, we are changing the way we operate to ensure the biggest possible impact. We will use this intelligence assessment to build on our operational successes and evidence why further investment in capabilities and capacity is necessary."

ZDNet

You Might Also Read:

Cybercrime: Law Enforcement Must Get Serious:

Cybercrime: £130bn Stolen From Consumers In 2017:

 

« Google Workers Are Revolting
America Can Learn About Russian Disinformation From Europe »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Satisnet

Satisnet

Satisnet is a leading Security Reseller, Managed Security Services Provider (MSSP) and Cyber Training Innovator, with operations throughout the UK, EMEA and United States.

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation

UCD Centre for Cybersecurity and Cybercrime Investigation is Europe's leading centre for research & education in cybersecurity, cybercrime and digital forensics.

Micron Technology

Micron Technology

Micron is a global leader in the semiconductor industry providing memory and secure storage devices for Networks, Mobile devices and IoT applications.

IronScales

IronScales

IronScales combines human intelligence with machine learning to automatically prevent, detect and respond to email phishing attacks.

Wireless Logic

Wireless Logic

Wireless Logic delivers a range of secure and resilient value-added M2M/IoT managed services that empower remote devices to communicate cost-effectively, two ways.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

e-End

e-End

e-End provides hard drive shredding, degaussing and data destruction solutions validated by the highest electronic certifcations to keep you compliant with GLB, SOX, FACTA, FISMA, HIPAA, COPPA, ITAR.

Swisscom Blockchain

Swisscom Blockchain

Swisscom Blockchain is focused on supporting the implementation and adaption of Blockchain-based platforms in enterprises across diverse industries.

Rubrik

Rubrik

Rubrik helps enterprises achieve data control to drive business resiliency, cloud mobility, and regulatory compliance.

Managed IT Services

Managed IT Services

Managed IT Services is a managed IT Services Company offering a diverse range of Cyber Security services and IT solutions.

Orpheus Cyber

Orpheus Cyber

Orpheus Cyber provides predictive and actionable intelligence to our clients - enabling them to anticipate, prepare for and respond to the cyber threats they face.

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators (IAFCI)

International Association of Financial Crimes Investigators provides services and information about financial fraud, fraud investigation and fraud prevention.

Troye Computer Systems

Troye Computer Systems

Troye provide a complete range of digital workspace solutions that empower people to do their very best work in a safe and secure manner anywhere, anytime, using any device.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.

OmniIndex

OmniIndex

OmniIndex PostgresBC is the only commercial solution allowing you to keep your most sensitive and critical data encrypted while analyzing it. Structured and unstructured.

TIVIT

TIVIT

TIVIT is a Brazil-based multinational company that offers enterprise-level digital solutions, and operates in ten countries in Latin America