Scotland ups the ante in fight against cyber crime
It has been difficult to miss the so-called growing threat of cyber crime in the UK in recent years – political rhetoric about its prominence has propelled it to a matter of major national security while companies make billions of pounds each year by promising to protect us from it.
The link between the internet and crime has been the source of much debate in Scotland – indeed the controversial anti-sectarian legislation that passed through the Scottish Parliament contained powers to punish people for comments they make online. And figures released last month showed there had been a 14 per cent annual rise in hate crime, which was linked in part to a greater police focus on what people are doing online.
But the obsession with cyber crime is not just a Scottish phenomenon, in fact earlier this year the Home Secretary Theresa May told a conference that a child can now be at greater risk sitting in a bedroom on a computer than outside the school gates.
She added cyber crime was a serious problem which caused more losses than burglars stealing televisions and DVDs from homes.
Outlining plans for a new National Crime Agency (NCA), May said: “Increasingly, the biggest criminal losses do not come from the burglar who breaks into houses to steal TVs or DVD players, but from the cyber criminal who raids bank accounts directly.
“A child can now be at greater risk sat in their bedroom on their computer than they are outside the school gates. And given the nature of the criminal threat, it is now no longer possible to keep communities safe through good local policing alone.
“Highly visible neighbourhood policing is vital, but it won’t deal with cyber crime.”
Authorities are now focusing more on the economic effects of cyber crime – which is estimated to cost Scottish businesses £5bn a year.
The Scottish Government last month gave Fergus Ewing, Minister for Energy, Enterprise and Tourism, responsibility for tackling the growing threat posed by cyber criminals. The new ‘cyber minister’ will oversee the formation of a cyber security action plan to help protect businesses and individuals.
A summit in Edinburgh last month was organised by e-Crime Scotland, which was developed through the Scottish Financial Crime Group.
It is working with partners in the Scottish Business Crime Centre (SBCC), law enforcement, Scottish Government and the wider business community.
The summit was designed to address some of the most common risks faced by businesses – including poor IT security which potentially allows criminals to steal contacts and identities and infiltrate bank accounts.
Justice Secretary Kenny MacAskill said: “Cyber crime seriously harms businesses and individuals and it is vital we do all we can to tackle the threat of viruses, hacking attacks, fraud and other information security breaches.
“The Scottish Business Crime Centre is leading on important work in this area and on behalf of the Scottish Government, I thank them for their efforts.
“At government level, we are also developing a cyber security action plan to take forward a number of areas of work, overseen by Fergus Ewing, Minister for Energy, Enterprise and Tourism, with responsibility for the wider cyber security agenda.”
The number of people subjected to cyber crimes globally in 2011 was said to be 431 million, with the cost of cyber fraud at $388bn.
Gary Ritchie, SBCC assistant director, said: “Cyber crime is not a fad. It is a clear and present danger for all businesses, regardless of size or sector.
“We estimate that Scots businesses are losing around £5bn a year to cyber criminals. That is an enormous amount that should concern every business boss and employee in Scotland.
“But the reality is that much of the threat of e-crime can be eradicated by simple and inexpensive measures.”
Ritchie said it was important that small to medium-sized businesses concentrated on the threats.
He added: “We’ve found that larger businesses continue to develop research and refine their response to the threat of e-crime, but the smaller businesses can sometimes fall behind in the fight against online attack.
“This leaves them as viable targets for the online criminal as they may have a lack of cyber confidence, be unaware of where to direct concerns and, ultimately, what they need to do to become more secure.”
The UK Government is also investing huge sums of money to tackle what it describes as a growing problem.
HM Revenue and Customs recently announced it was putting together a unit of analysts, technical experts and investigators to focus on cyber crime – by using technology funded by the Government’s £650m national cyber security programme.
“As more and more of HMRC’s systems move online, cyber criminals will look to exploit any opportunity to attack the repayment system,” said exchequer secretary David Gauke.
“HMRC is getting ahead of the curve – taking forward what it is already doing in a better way.
“In the last year alone, customers reported over 200,000 bogus emails purporting to come from HMRC and, as a result, HMRC shut down close to 1,000 bogus websites.”
Cyber security minister Francis Maude said: “This new unit will play a vital role in tackling online organised tax fraud and we have committed National Cyber Security Programme funding to it to ensure we are better prepared to deal with cyber threats and are better able to protect the public and businesses online.”
Maude said online offences including identity theft, phishing scams and card fraud were “some of the fastest-growing crimes in the UK”.
He said: “A recent survey showed that one in seven large organisations have been hacked in the last year, with large organisations facing one outsider attack per week; small businesses face one a month.
“Intellectual property theft through cyber crime is a major concern. Countries and organisations across the globe are losing billions of pounds each year to cyber criminals.
“UK Government networks continue to be regularly targeted by foreign intelligence agencies, or groups working on their behalf. And we know that the threat is accelerating.
“High-end cyber security solutions that were used 18 months ago by a limited number of organisations to protect their networks may already be out in the open marketplace – giving cyber criminals the knowledge to get round these protective measures.
“Our responses have to be fast and flexible. What works one day is unlikely to work a matter of months or even weeks later.”
While cyber crime has been an ongoing issue for authorities, action taken against perpetrators has been a source of criticism throughout the UK.
The head of Scotland Yard’s e-crime unit demanded tougher action on cyber criminals.
Det Supt Charlie McMurdie said fraudsters and robbers still get longer sentences than cyber criminals.
Her comments came after the FBI detected an Estonian gang who infected four million computers in 100 countries with code redirecting users to online ads, allegedly making them £9m.
Det Supt McMurdie said: “Sentencing is still an issue. Some of these people have made millions and if it was fraud or robbery they would get eight or ten years but they get less because it’s cyber crime.”
She said there was a “significant cyber threat around the Olympics” and there had already been a lot of fraud involving online ticketing but the picture was “constantly evolving”.
But while there seems an increasing attempt to tackle cyber crime, some experts believe it will always be a case of damage limitation.
Eugene Kaspersky, a Russian expert who founded Europe’s largest anti-virus company, Kaspersky Lab, told a conference in Northern Ireland recently that cyber crime is unfortunately a very successful enterprise.
He said: “Cyber-criminals have a very easy job because they’re just software engineers. It’s very hard to find them so it’s a low-risk business.”