Last week I attended an exclusive invite only Cybersecurity discussion in the City of London at an evening hosted by 8MAN. It was a lively debate on how the current and future of cybercrime prevention is shaping up. Jens Puhle, UK Managing Director for access rights management specialist 8MAN, moderated the evening, and was an incredibly knowledgable host.

[easy-tweet tweet=”CTC’s @NeilCattermull recaps @8Man_UK’s #CyberSecurity evening” user=”comparethecloud” hashtags=”infosec”]

Research has found that almost 40 per cent of data breaches in the UK are caused by insider theft, but 8MAN believes the true figure is much higher. They have found many firms are not equipped to discover data theft in the first place, or are either unwilling to report crimes or unaware of how to do so.

One of the speakers of the evening, Esther George actually initiated and designed the Global Presecutors E-Crime Network (GPEN) in 2008 to enable cybercrime prosecutors around the world to learn and benefit from sharing information, experiences, and strategies with each other. Which is just incredible, and such a revolutionary development in the way we look at cybercrime.

Esther has spearheaded 8MAN‘s launch of Cyber Detect & Protect, a new consultancy service to help organisations protect themselves from insider cybertheft and successfully work with prosecutors to bring criminals to justice.

She comments: “Insider theft is one of the most damaging kinds of data breach a company can suffer, but the level of crime is drastically under-reported. Many firms have no idea how to identify a breach, but even if they do it is still all too common for it to go unreported, either because the firm fears the backlash of it going public, or does not know how to proceed.

“There is a lack of knowledge about what information is needed to help the authorities build a solid case for  prosecution, or where to report the crime in the first place. Many firms go straight to the Information Commissioner’s Office (ICO) and never take their case to the police. While the ICO will invesigate and can issue fines, this means the police and CPS may not even be aware of many cases.”

Another extraordinary speaker was Colin Nicholls QC who successfully defended in the UK’s first hacking case in the House of Lords which led to the passing of the Computer Misuse Act 1990 (R v Gold and Schifreen [1988] AC 1064).

Philip Manning a Consultant in Financial market and former board member of ADIB (UK) Ltd MBNA Europe & Barclays Financial Services also spoke, as did Philip Virgo, the Chairman of the Conservative Technology Forum and former Secretary General of EURIM, the European Information Society group and Simon Fordham OBE, the Chairman of The International Cyber Security Protection Alliance.

It looks like the Met are getting tough on Cybercrime in a big way

It looks like the Met are getting tough on Cybercrime in a big way, but the international links to cybercrime still delay and mask many convictions due to individual bureaucracy.

DCI Gary Miles of the Metropolitan Police was due to speak at the event, but unfortunately couldn’t attend, the Metropolitan Police’s Operation Falcon provided the below statement in place of his absence.

Operation Falcon, Metropolitan Police

“U.K. Law enforcement (NCA, Met Falcon, Regional Organised Crime Units) are really keen to build better working relationships with business. This area was never a priority so frankly forces largely ignored it.

Business didn’t often report as they had no confidence we would do anything about it and if we did, often we didn’t have the capability or experience to investigate effectively. That’s changed, the Home Office has substantially invested in new capacity and capability but it needs to be bigger. The Met are also investing up to 500 officers and staff in this area now, a huge increase in the face of 20% cuts. No other forces have invested to this level. Most haven’t increased staffing at all. This led to the creation of Falcon (Fraud and Linked Crime Online). Since we started Aug 2014 we’ve made more than 1000 arrests. Everyone is getting charged, very few are getting acquitted and we’re getting good sentences. If we can identify a real person (the big challenge) all the evidence is on their devices or in their bank accounts so they’ve got nowhere to go.

More cyber criminals aren’t convicted because forces don’t investigate as they don’t have the capability or capacity. The 2 biggest challenges are the fact the crime is often global so there are jurisdictional issues and delays and we need communications data to prosecute. Often that data is in countries or companies that can’t/won’t give it to law enforcement. Increasing levels of encryption also make it harder and harder to intercept comms or retrieve it evidentially through digital forensics. The government’s draft Investigatory Powers Bill addresses some of this and is a big step forward but only covers UK based providers. What about overseas? 

That’s a massive gap. These are the biggest challenges to successful prosecution although there are plenty of UK based cyber criminals to tackle as well as the international ones.

Where business can help is firstly to report everything so we all understand the scale of the problem and properly resource an effective response. Where big business can help is supporting us through their resources be it skilled staff supporting investigations, training, access to business intelligence and technology or sponsorship to help fund our work.

On the mistake front companies leave it too late to tell us they’ve had a problem or we often only communicate through lawyers. This delays everything, leads to misunderstanding and means evidence is often lost. 

Tell us early what is happening in a big breach. If you change your mind about cooperating/prosecuting later we’ll walk away. We understand businesses desire for confidentiality and need to get business back to normal as quickly as possible and we won’t undermine that. The only time anything is public from our point of view is when someone is charged and a reporter sees them at court. A cyber incident crisis might be the first for the company but it won’t be for us. We can advise you on what worked and didn’t work in other incidents to help businesses make the right decisions under pressure.

I’d like to see more international cooperation to bring offenders to justice between governments and law enforcement along with timely access to international comms data. I have a counter terrorism background and want to see the same level of cooperation in this area.”