UK Police Ill-Equipped to Deal with Cybercrime

Uploaded on 2015-05-12 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

3570908.png

Police are still playing catch-up with cyber-crime, and are particularly struggling with poor reporting, a lack of data and the InfoSec skills shortage, said Ian Maxted, safer cyber coordinator at the UK’s Gloucestershire Constabulary.
Speaking at the ILEC Centre in London, Maxted offered a candid view of the police's technology capabilities, which was perhaps unsurprising given his own IT security background, including as a former penetration tester and a security consultant for Encryption.
He started his presentation by saying that the ever-increasing use of the Internet and big data is ‘creating opportunities for criminals' but also causing issues for police who remain ‘largely ill-equipped to deal with cyber-crime'. This proliferation was particularly worrying given the ‘siloed' nature of police forces, where idea and data sharing is not generally embraced.
Citing recent statistics, which indicated that that one in three adults suffered from online crime last year, he said that most organisations focus on achieving the bare minimum compliance and to this day have no board buy-in on cyber-security. These companies, said Maxted, “don't understand the benefits of good practice” and wouldn't truly understand until they have “become a victim and change their behaviour.”
One of the main problems, he added, is the reporting of cyber-crime with firms fearing reputational damage and crashing share prices, while also not trusting the police to bring the culprits to justice. In a warning to attending police staff, he said: “The reason industry is not engaging [with you] is because they don't trust you.”
Gloucester remains at the top when it comes to cyber-crime, winning high praise from HMIC in a report released last year, but even Maxted admits that this is just the start, with much of his job still ‘translating' the threat.
Legislation is also an issue and ‘ill-equipped' to deal with the fast moving pace of technology, said Maxted, who cited the Computer Misuse Act as an example; established in the 1990s in relation to landlines, mobiles and some email, it is now being used to judge on so much more. “The law is a grey area and open to interpretation,” said Maxted.
The security expert wasn't finished there, also urging police to liaise more closely with industry and to share data. For this, police would need to incentivize private firms enough to get involved. “Law enforcement is used to putting the hammer down and say ‘you will do this', but they can't do that now.”
He added that collaboration and more funding is needed, with education a continuing concern.
“Education is the biggest problem we have with corporations and with police officers. They've been focused on traditional crime so long that [cyber-crime] is alien to them.” Gloucester has forged ahead with ‘CEOP Think U Know' and social media campaigns.
Despite these problems, Maxted said that cyber-crime isn't as advanced as sometimes promoted, with DoS attacks and hackers exploiting vulnerabilities, poor patching or excessive open ports. Doing these basics is “like putting a seatbelt on”.
“We need to share nationally with what works and what doesn't. We welcome sensible discussions to move things forward, because you can't do it on our own. If you can help, with any advice, please tell me. We do care.”
Later in the day, Kevin Williams, general manager of TC-UK and formerly of the National Crime Agency's National Cyber Crime Unit, painted a more positive picture, citing CERT-UK and CISP as examples of positive public data sharing. “One of the great things I've experienced in law enforcement is collaboration that has taken place over the last couple of years with CERT UK.”
He noted however that sharing is important for “not only saving pounds” for also for stopping harm caused to others, and said that it can be efficiently done so long as this sharing of sensitive information is anonymised.
However, on internet policing, he was less definitive. “Who should police the internet? If you throw in [Edward] Snowden, this is a really complex question,” he said, citing legislation and geographic borders as recurring issues for law enforcement trying to deal with cyber-crime, which has been described as a ‘borderless' crime.
Williams continued that law enforcement is also having to contend with increasingly fast and agile criminals; he cited one example of a group that had their infrastructure up online for one day, conducted their criminality the next and “they were gone on day three”.
“It often means they've carried out attack, no one has seen the attack, and weeks later the criminality is found. But by then any logs that did exist have gone.” Instead, he said that this should get businesses thinking about their log management process.
SC Magazine:  http://bit.ly/1QOXqY9

 

« IBM Breakthrough In Quantum Computing
Data Protection Drives Cloud Security Market »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Advent IM

Advent IM

Advent IM is one of the UK’s leading independent cyber security specialists, with a unique approach to providing holistic security management solutions.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Applied Security (APSEC)

Applied Security (APSEC)

APSEC provides products and services in the areas of encryption, digital signature, authentication and data loss prevention.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

ClearBlade

ClearBlade

ClearBlade is the Edge Computing software company enabling enterprises to rapidly engineer and run secure, real-time, scalable IoT applications.

Montimage

Montimage

Montimage develops tools for testing and monitoring networks, applications and services; in particular, for the verification of functional, performance (QoS/QoE) and security aspects.

Bolster

Bolster

Bolster (formerly RedMarlin) is an AI-based cyber-security platform designed to detect phishing and fraudulent sites in real-time.

Bleckwen

Bleckwen

Bleckwen is a proven fraud detection system that helps financial institutions build trust with customers.

FoxTech

FoxTech

FoxTech is an independent, friendly and deeply specialised cyber security company in the UK, with expertise spanning decades of Public Sector and Government services.

GeoEdge

GeoEdge

GeoEdge is the premier provider of ad security and quality solutions for the online and mobile advertising ecosystem.

Clearvision

Clearvision

As an Atlassian Platinum Solution Partner, Clearvision works with teams in the UK and US, providing solutions for the Atlassian stack, Git and open source tooling.

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

Commonwealth Scientific & Industrial Research Organisation (CSIRO)

CSIRO is Australia's national science agency. We solve the greatest challenges through innovative science and technology.

SE Ventures

SE Ventures

SE Ventures provides capital to big ideas and bold entrepreneurs who can benefit from Schneider Electric's deep domain expertise, R&D assets, and global customer base.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Sekoia.io

Sekoia.io

Sekoia.io is a European cybersecurity company whose mission is to develop the best protection capabilities against cyber-attacks.

LEPHISH

LEPHISH

LePhish is a French cybersecurity solution specializing in automated phishing campaigns.