Cybercrime is becoming increasingly dangerous to organizations and individuals alike, according to Chief Supt. Andrew Gould, national cybercrime programme lead at the National Police Chiefs’ Council speaking during the BankSec 2020 virtual conference.
One reason for this is that cybercrime is becoming easier to conduct, with tools more readily available from the internet and able to be deployed without much technical skill. “That barrier to entry to the criminal marketplace is lower than it’s ever been,” noted Gould.
The rise in cybercrime as a service, whereby nefarious actors from across the world can be employed relatively cheaply to help undertake attacks, has been another big factor in recent years.
The kinds of attacks being launched are also becoming more consequential. While ransomware remains the biggest attack vector, with Gould observing that the malware used is “more complex and damaging”, the behavior of cyber-villains becoming “more confrontational.”
Business fraud attacks – in particular, phishing and business email compromise (BEC) attempts, have grown exponentially recently according to Gould. “There are millions of pounds that organizations are losing to this every week which causes tremendous disruption,” he outlined.
Another trend highlighted is that criminals are conducting far more research and planning ahead of attacks, largely as a result of improved security. Much of this is discovering personal information on social media sites in order to launch more impactful phishing messages for example, with Gould stating that people should “consider the kind of information they’re posting and how that can potentially be used against you or your organization by appearing to be more realistic.”
For organizations to mitigate against these threats, Gould said it is vital that backups are in place, which unfortunately is often not the case. “You can recover from just about any security breach unless you don’t have effective backups – if you can’t restore from backups you can potentially lose everything,” he said.
His other main advice to organizations is to have strong password policies, ensuring the use of three random words and two-factor authentication is mandated across staff, as per National Cyber Security Centre (NCSC) recommendations. He commented: “If your organization is enforcing those standards for your staff and for your customers, you are going to mitigate a lot of current successful attacks.”
In terms of the police response to cybercrime in the UK, Gould explained that a much more proactive approach is now being taken. While there is a very strong and integrated national network, a greater focus on preventing these types of crime at a local level is crucial. Now, every police force in the country has a cybercrime unit which undertakes initiatives such as giving advice to victims, helping organizations improve their defences and incident response strategies, as well as identifying young people who are at risk of going down the path of cybercrime in order to “point them on a more meaningful path.”
Gould added: “Unlike other areas of crime, these are skills we want to encourage because there’s a huge skills shortage in the industry – so we want people to test their skills and improve, but in a safe way.”
He said this approach has taken the pressure off the regional teams to focus on organized crime groups, “so there’s a level of proactive, covert operations against the high end crime groups that’s gone from strength to strength.” This, he believes will lead to increased numbers of cybercrime arrests and prosecutions in the months and years ahead.
One reason for this is that cybercrime is becoming easier to conduct, with tools more readily available from the internet and able to be deployed without much technical skill. “That barrier to entry to the criminal marketplace is lower than it’s ever been,” noted Gould.
The rise in cybercrime as a service, whereby nefarious actors from across the world can be employed relatively cheaply to help undertake attacks, has been another big factor in recent years.
The kinds of attacks being launched are also becoming more consequential. While ransomware remains the biggest attack vector, with Gould observing that the malware used is “more complex and damaging”, the behavior of cyber-villains becoming “more confrontational.”
Business fraud attacks – in particular, phishing and business email compromise (BEC) attempts, have grown exponentially recently according to Gould. “There are millions of pounds that organizations are losing to this every week which causes tremendous disruption,” he outlined.
Another trend highlighted is that criminals are conducting far more research and planning ahead of attacks, largely as a result of improved security. Much of this is discovering personal information on social media sites in order to launch more impactful phishing messages for example, with Gould stating that people should “consider the kind of information they’re posting and how that can potentially be used against you or your organization by appearing to be more realistic.”
For organizations to mitigate against these threats, Gould said it is vital that backups are in place, which unfortunately is often not the case. “You can recover from just about any security breach unless you don’t have effective backups – if you can’t restore from backups you can potentially lose everything,” he said.
His other main advice to organizations is to have strong password policies, ensuring the use of three random words and two-factor authentication is mandated across staff, as per National Cyber Security Centre (NCSC) recommendations. He commented: “If your organization is enforcing those standards for your staff and for your customers, you are going to mitigate a lot of current successful attacks.”
In terms of the police response to cybercrime in the UK, Gould explained that a much more proactive approach is now being taken. While there is a very strong and integrated national network, a greater focus on preventing these types of crime at a local level is crucial. Now, every police force in the country has a cybercrime unit which undertakes initiatives such as giving advice to victims, helping organizations improve their defences and incident response strategies, as well as identifying young people who are at risk of going down the path of cybercrime in order to “point them on a more meaningful path.”
Gould added: “Unlike other areas of crime, these are skills we want to encourage because there’s a huge skills shortage in the industry – so we want people to test their skills and improve, but in a safe way.”
He said this approach has taken the pressure off the regional teams to focus on organized crime groups, “so there’s a level of proactive, covert operations against the high end crime groups that’s gone from strength to strength.” This, he believes will lead to increased numbers of cybercrime arrests and prosecutions in the months and years ahead.