In Britain crime is not slowing, it’s simply moving online to where the criminals fail to get caught. It means we’re now less safe online than we are in the street.
These criminals are more innovative, more motivated, and better financed than the good guys and yet we still don’t know the full extent of cybercrime as there’s such a huge under reporting of it.
I’ve had friends try to use the UK’s anti-fraud website Action Fraud, where online crime is reported, only to give up because it is too complicated. There’s also the embarrassment of reporting it at all for many people.
What is absolutely clear is that the levels of crime in the UK are not going down. They are just going online. It’s a lot less risky for a criminal than breaking into a bank. They can also aim at many targets at once, but as a society we’ve not automated our response.
What we need to do is make cybercrime reporting easier and use better data analysis. Most of the cases reported to Action Fraud are simply not taken up and investigated. We also need automated analysis to make sure identifying the people behind the small time offences is much easier. At the moment it’s relatively risk-free activity compared to storming down the high street and trying to break into a bank.
Even a decade ago it was obvious this was going to happen. Back then I was head of technology for Ofcom and I was sent off to Chatham House for a conference in 2004/5 on the subject of internet safety and crime.
I came back with a whole load of terms including digibots, white hats, wizards, and some words they seemed to have invented on the spot like televiruses. When I reported back, people thought it sounded like something out of Dungeons and Dragons. But what we were all talking about then was exactly what occurred, it just didn’t get taken seriously at the time and that’s still the case. I went back to that old presentation the other day and now, everything is exactly as predicted.
“Once criminals have data on you, you are vulnerable to a whole series of other attacks”
In those days Ofcom, under Lord Currie, was very clear that the internet was not within its regulatory remit, so nothing was done. It was nobody’s responsibility, irrespective of the dangers, but it needed to have a much higher priority on the political agenda.
As things have changed I believe there are now two other growing areas that we need to give extra consideration for the immediate future.
The first is mobile phones, which tend to have much less protection than operating systems like Windows. Ofcom have said mobile security should be left entirely to mobile operators, which I personally think is not good enough. That approach was repeated when, after the TalkTalk breach, I asked for a government response to what was being done, and the answer was basically, ‘It’s nothing to do with us, guv.’
The second threat will come from the Internet of Things – the idea that household items connected to the internet will talk to us and each other. I’m a big believer in this technology. I’ve studied it and even built bits of it – in a previous career I was a software and a hardware engineer and a network engineer building mobile, fixed and wireless networks. I was also the first MP to speak about the Internet of Things in the House. I believe it has the potential to transform our lives more than anything since electricity, but there are huge security implications.
People are already uncomfortable with how their data is being hijacked, used, stolen and breached – imagine how they will feel about their water supply being hacked? Their children’s bedrooms?
The Government’s primary responsibility is to keep its citizens safe, but it is already failing that for citizens online. This will be a question of standards, protocols, industry co-operation, self regulation and – if necessary – legislation. Once criminals have data on you, you are vulnerable to a whole series of other attacks.
We need much more protection for individuals. Just 1% of the cybercrime budget is spent on consumers, with the rest spent on national security and critical infrastructure, while small businesses and consumers are left to fend for themselves. The national defence budget is two to three times the size of the police budget, but online we spend around nine or 10 times more on national security than personal security.
Industry needs to change too. I recently launched the Association of Chartered Accountants in England and Wales (ACAEW) report on cyber security. They are calling for big companies and corporations to become much more pro-active in taking responsibility for the small companies in their supply chain – and that goes for governments as well. That could mean bringing in both reporting requirements and also insurance companies reflecting this in premiums.
Being attacked myself last year brought home a bit more the threats we face. We have five people in my office which makes us about the same size as a small business. I had already spoken to staff about their online behaviour and not bringing in USB sticks, but it looks like it may have got through by someone clicking on a legitimate advert.
What happened to us wasn’t exactly a hack. It was a malware crypto-lock virus. It’s ransom-ware. It locks up files and it’s serious enough – certainly if you believe the ransom and pay the money – or if you don’t have the right IT support behind you.
Luckily enough as an MP I had enough support to deal with it. We lost three or four days of work, although it took about a month to get back to normal. We believe it may have come from an advert on a web page. It certainly wouldn’t have come through any office staff and the firewall should have got it, but as we know viruses can change their tags 3,000 times in a single day.
Collectively, we have to realise that the internet is not free and our whole lives will have traces of everything we do on it.
It is not another world. It’s not another universe, it’s used by criminals living in the real word right now.
HOW CHI’S CLAIMS STACK UP
We are less safe online than on the street.
For the first time cybercrimes were counted in the latest 2015 UK Crime Survey statistics leading to a shocking 107% rise in all crime – more than double the previous level – meaning more than half all current reported crime now takes place online.
Bureaucratic fraud reporting procedures.
Action Fraud is the online fraud reporting website for the UK. It confirms that simply filling in the forms to report a cybercrime takes “20 to 30 minutes”.
Large numbers of cybercrimes are never investigated.
In the last full year of figures Action Fraud ignored three out of four complaints. It received 230,000 reports of crime of which 61,000 were passed to police to ‘consider’ investigation, Home Office minister Mike Penning told the Commons.
Britain spends the majority of its money on fighting international cyber threats and very little on consumers and small businesses.
In a written answer to Chi, the Secretary of State for Culture, Media and Sport, Ed Vaizey revealed that just £14 million out of a total spend of a £840 million programme is exclusively aimed at small businesses and the consumer. (The Government plans to double its total investment of the next five years).