[BreachExchange] Cybercrime: Under-Reporting Gives Hackers A Green Light

Destry Winant destry at riskbasedsecurity.com
Wed Jun 13 19:59:29 EDT 2018


https://www.cybersecurityintelligence.com/blog/cybercrime-under-reporting-gives-hackers-a-green-light-3444.html

Organisations which don't report that they've been the victim of
cybercrime are putting others at risk of further attacks and are
hampering the authorities' ability to fight against hackers, the UK's
serious and organised crime unit has warned.

The National Crime Agency has issued the warning to businesses as part
of its National Strategic Assessment of Serious and Organised Crime
2018.

"Under-reporting of data breaches continues to erode our ability to
make robust assessment of the scale and cost of network intrusions,"
said the report, adding "many companies are not disclosing data
breaches, putting victims at risk".

According to figures cited by the NCA, only 38 percent of people have
confidence that law enforcement can properly respond to
'cyber-dependent' crime, with the implication that this is partly why
victims fail to report they've been hit. Even when cybercrime is
reported, the police may find themselves unable to convict the
perpetrators, because "those that do report may on occasion not be
prepared to support prosecution, hampering the ability of law
enforcement to act".

The National Strategic Assessment of Serious and Organised Crime
suggests that the lack of successful cybercrime reporting means that
cyber attackers believe that there are no consequences for their actions.

This perception is also driven along by the courts often handing out
lenient sentences to those convicted of hacking, the NCA suggests,
although no specific examples of this are provided.

"Whilst courts acknowledge the seriousness of the crimes committed,
the level of sentence passed does not necessarily reflect this
seriousness, and can appear low," said the report.

According to the report, cyber criminal schemes at all levels continue
to pose a threat to the UK, and while many of these groups are
operating outside of UK borders, home-grown cyber criminals must not
be underestimated.

"The threat from UK domestic cyber criminals continues to mature, and
these domestic actors are capable of damaging attacks," the report
warns.

Almost all forms of cybercrime are on the rise, but one the National
Crime Agency points to as particularly dangerous for UK businesses is
the rise of business email compromise attacks and CEO fraud. While
these attacks take additional time and resources for hackers to
successfully carry out, they can be lucrative. Indeed, the FBI has
stated that these scams cost global businesses billions.

The sheer number of large data breaches is also fuelling an increase
in fraud and phishing, as criminals are able to get their hands on
sensitive data to help carry out attacks.

The NCA notes that with the introduction of GDPR, in theory,
organisations will have to report all data breaches "eventually
leading to a reduction" as organisations are forced to take additional
responsibilities in order to protect against cyber-attacks.
However, the report notes that despite GDPR coming into force,
awareness of the legislation is "limited", especially amongst small
and medium sized businesses.

But there's one thing the NCA points to as a certainty - that cyber
criminals and crime groups will continue to target the UK.

"The increasing sophistication of crime groups, coupled with the
changing nature of their geographical reach, demonstrates more than
ever the requirement for an increasingly co-ordinated response," said
NCA Director General Lynne Owens.

"Working alongside our law enforcement, intelligence and other
partners, we are changing the way we operate to ensure the biggest
possible impact. We will use this intelligence assessment to build on
our operational successes and evidence why further investment in
capabilities and capacity is necessary."

