According to an esteemed panel of UK, US, and EU-based law enforcement officials, co-operation between businesses operating in the private sector and influential legal bodies is becoming an increasingly important factor in the ongoing fight against cyber crime.
Speaking at this month’s Infosecurity Europe event in London, officials spoke out on a range of different subjects, with many opting to promote the concept of a collaborative relationship between private sector businesses and law officials, and later expanding on the progress made so far by those seeking to eradicate common cyber threats as a unit, rather than acting alone.
Restricting the reach of cyber crime
Deputy Director of the National Crime Agency’s National Cyber Crime Unit (NCCU), Andy Archibald offered an insight into the depth of the cyber criminal field and proposed a digital plan of attack against those at the helm of the industry. He said: “The majority of cyber threats around the world are very similar, with the cyber criminals operating in the UK also operating across Europe and in the US. Therefore, our response to these threats needs to be joined up. Our understanding of the threat, and the collection of intelligence and evidence must be co-ordinated moving forward.
“We must actively assess the criminal infrastructure, examining those developing the tools required to commit cyber crimes, the hosting services at the heart of the infrastructure, those who provide counter services that allow criminals to test the efficiency of their malware and those who launder money from cyber crime.”
Archibald alleviated concern that a co-ordinated response to fighting cyber attacks could present a number of cultural, legal and intelligence challenges, insisting that progress is already being made, with several opportunities opening up to law enforcement as part of a disruption strategy that could significantly impact the shape of the cyber crime industry.
Archibald added: “Law enforcement has achieved true co-operation in the past two years, despite cultural differences, but we now need to build up and consolidate relationships in order to create a coalition of trusted, like-minded countries that wish to work together to tackle common cyber threats. This relationship must go beyond information sharing, to include things like mitigation of threats and disruption of the criminal infrastructure.”
FBI Legal Assistant, Michael Driscoll explained that professionals in the private sector are regularly obtaining evidence of cyber-enabled crime “much quicker” than law enforcement.
Driscoll upheld Archibald’s belief that private sector organisations can help broaden the wider view and understanding of cyber-enabled crime, particularly as enforcement becomes increasingly reliant upon the information provided by these organisations on how to plan and react to incoming cyber attacks.
Driscoll added: “Just as a relatively small group of people are creating the core technologies behind the web, there is a small group at the heart of the technologies that feed the criminal world. The problem is that those technologies are easily dispersed. For a small amount of money, criminals can readily purchase tools that can take a company out in a matter of minutes.”
Amateur cyber crime on the rise
Wil van Gemert, Deputy Director of Operations and Acting Head of the European Cyber Crime Centre reaffirmed the need for an ongoing professional relationships, as the number of amateur cyber criminals continues to rise.
Van Gemert said: “One of the biggest challenges to law enforcement, is the emergence of the cyber-crime-as-a-service model, which lowers the barrier to entry. This means many more, lower-skilled would-be cyber criminals are able to access powerful cyber crime tools at a relatively low cost.”
Cyber security expert, Alan Woodward said because most cyber crime is carried out by organised gangs, many attacks are not originating from a single geographical location.
He explained: “Command and control systems might be in the UK or the US, while the money might be going to someone in Ukraine. It is so distributed, that the only way you are going to fight it is through international co-operation.”
Woodward also explained that evidence suggests that with the emergence of crime-as-a-service, there are around 100-200 key figures enabling cyber crime across the globe.
It is abundantly clear that valuable co-operation will play a significant role in the counter-attack against organised cyber crime. However, the rate of acceptance by those that could potentially eliminate cyber attacks altogether will ultimately control the speed at which tangible progress is made.
Our cyber certification
Cyber Essentials is a government-backed scheme that aims to encourage businesses and organisations to implement basic levels of digital protection against common cyber attacks, whilst allowing them to demonstrate an increased awareness of cyber security.
The Connect team are actively pushing for and working towards the development of a safer web, paying particular attention to boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management. We pay close attention to these basic controls, as when properly implemented, they can actively help to protect against unskilled Internet-based attackers using commodity capabilities that are widely available on the web.
Our Cyber Essentials certification demonstrates that, as a team of digital technology specialists, we continue to take essential precautions to mitigate the risk from common Internet-based threats. This is a conscious consideration that is at the forefront of our professional outlook, and we proudly add this certification next to our other industry-leading digital accreditations, including ISO9001 and ISO27001.
Connect is a specialist digital technology agency with unrivalled depth of experience and expertise. We have been providing high quality web, data and application development services for major public and private sector clients since 1994. Our clients include DVLA, NHS, Charity Commission, Hewlett Packard and Bank of New York Mellon.