UK Police Ill-Equipped to Deal with Cybercrime

Uploaded on 2015-05-12 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

3570908.png

Police are still playing catch-up with cyber-crime, and are particularly struggling with poor reporting, a lack of data and the InfoSec skills shortage, said Ian Maxted, safer cyber coordinator at the UK’s Gloucestershire Constabulary.
Speaking at the ILEC Centre in London, Maxted offered a candid view of the police's technology capabilities, which was perhaps unsurprising given his own IT security background, including as a former penetration tester and a security consultant for Encryption.
He started his presentation by saying that the ever-increasing use of the Internet and big data is ‘creating opportunities for criminals' but also causing issues for police who remain ‘largely ill-equipped to deal with cyber-crime'. This proliferation was particularly worrying given the ‘siloed' nature of police forces, where idea and data sharing is not generally embraced.
Citing recent statistics, which indicated that that one in three adults suffered from online crime last year, he said that most organisations focus on achieving the bare minimum compliance and to this day have no board buy-in on cyber-security. These companies, said Maxted, “don't understand the benefits of good practice” and wouldn't truly understand until they have “become a victim and change their behaviour.”
One of the main problems, he added, is the reporting of cyber-crime with firms fearing reputational damage and crashing share prices, while also not trusting the police to bring the culprits to justice. In a warning to attending police staff, he said: “The reason industry is not engaging [with you] is because they don't trust you.”
Gloucester remains at the top when it comes to cyber-crime, winning high praise from HMIC in a report released last year, but even Maxted admits that this is just the start, with much of his job still ‘translating' the threat.
Legislation is also an issue and ‘ill-equipped' to deal with the fast moving pace of technology, said Maxted, who cited the Computer Misuse Act as an example; established in the 1990s in relation to landlines, mobiles and some email, it is now being used to judge on so much more. “The law is a grey area and open to interpretation,” said Maxted.
The security expert wasn't finished there, also urging police to liaise more closely with industry and to share data. For this, police would need to incentivize private firms enough to get involved. “Law enforcement is used to putting the hammer down and say ‘you will do this', but they can't do that now.”
He added that collaboration and more funding is needed, with education a continuing concern.
“Education is the biggest problem we have with corporations and with police officers. They've been focused on traditional crime so long that [cyber-crime] is alien to them.” Gloucester has forged ahead with ‘CEOP Think U Know' and social media campaigns.
Despite these problems, Maxted said that cyber-crime isn't as advanced as sometimes promoted, with DoS attacks and hackers exploiting vulnerabilities, poor patching or excessive open ports. Doing these basics is “like putting a seatbelt on”.
“We need to share nationally with what works and what doesn't. We welcome sensible discussions to move things forward, because you can't do it on our own. If you can help, with any advice, please tell me. We do care.”
Later in the day, Kevin Williams, general manager of TC-UK and formerly of the National Crime Agency's National Cyber Crime Unit, painted a more positive picture, citing CERT-UK and CISP as examples of positive public data sharing. “One of the great things I've experienced in law enforcement is collaboration that has taken place over the last couple of years with CERT UK.”
He noted however that sharing is important for “not only saving pounds” for also for stopping harm caused to others, and said that it can be efficiently done so long as this sharing of sensitive information is anonymised.
However, on internet policing, he was less definitive. “Who should police the internet? If you throw in [Edward] Snowden, this is a really complex question,” he said, citing legislation and geographic borders as recurring issues for law enforcement trying to deal with cyber-crime, which has been described as a ‘borderless' crime.
Williams continued that law enforcement is also having to contend with increasingly fast and agile criminals; he cited one example of a group that had their infrastructure up online for one day, conducted their criminality the next and “they were gone on day three”.
“It often means they've carried out attack, no one has seen the attack, and weeks later the criminality is found. But by then any logs that did exist have gone.” Instead, he said that this should get businesses thinking about their log management process.
SC Magazine:  http://bit.ly/1QOXqY9

 

« IBM Breakthrough In Quantum Computing
Data Protection Drives Cloud Security Market »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

MrLooquer

MrLooquer

MrLooquer provide a solution to automatically discover the assets of organizations on the internet, determine the level of exposure to attacks and help to manage risk accurately.

Bureau Veritas

Bureau Veritas

Bureau Veritas are a world leader in Testing, Inspection and Certification. We provide certification and training services in areas including cybersecurity and data protection.

Nu Quantum

Nu Quantum

Nu Quantum is developing quantum photonics hardware to power the quantum revolution in communications, sensing and computing.

Tactical Network Systems (TNS)

Tactical Network Systems (TNS)

Tactical Network Solutions helps you discover hidden attack vectors in IoT and connected devices before someone else does.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

CLEAR

CLEAR

With more than 17 million members and a growing network of partners across the world, CLEAR's identity platform is transforming the way people live, work, and travel.

Clarity

Clarity

Clarity is an AI cybersecurity startup that protects against deepfakes and new social engineering and phishing attack vectors accelerated by the rapid adoption of Generative AI.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.

DOT Europe

DOT Europe

DOT Europe is a consensus based organisation which brings a diverse membership together to agree on their collective stance on EU tech policy.

EasySec Solutions

EasySec Solutions

EasySec Solutions provides a cyber-security platform, based on a combination of the zero trust model and the software-defined security management.

SGNL

SGNL

SGNL redefines identity-first security by integrating business context, closing critical gaps, and transforming how enterprises manage privileged access for a secure, adaptive future.