ONS cybercrime report: Industry reaction and analysis

The Office for National Statistics (ONS) today released its annual crime statistics report which, for the first time ever, included cybercrime as a factor.

In response to the groundbreaking report, several industry professionals have offered their thoughts and analysis.

Terry Greer-King, director of cybersecurity, Cisco UKI:

"Cybercrime is a real and growing concern for the UK and it is therefore essential that it be included in the ONS’ statistics. Backed by a multi-billion dollar industry, today’s cybercriminals are becoming more innovative than ever, finding new and sophisticated ways of targeting individuals or businesses, breaching systems and evading detection.

"Indeed, cybercrime has become a lucrative business, costing anywhere from £300 billion to £1 trillion. Adversaries today are no longer lone wolves, but are operating in a tight knit community, trading intellectual property and sensitive data for financial gain. Bank account information, for example, is worth upwards of £1,000, while ransom for encrypted files can cost those compromised an average of £300 to £500.

"The pervasiveness of cybercrime cannot be underestimated. The frequency and complexity of high profile cyber-attacks of late attests that there are essentially two types of companies today; those that have been hacked and those that don’t yet know they have been hacked. Businesses need to be on the front foot, which involves prioritising security throughout the entire business and adopting a holistic cyber security policy that address the entire threat continuum – before, during and after an attack."

Richard Olver, VP of EMEA at Tanium:

“It comes as no surprise that cyber-crime has officially become the UK’s most common offense. The ONS report rightly brings to attention cybercrime figures which have been steadily increasing year on year, whilst hackers continue to use the same methods they’ve been using for decades. It is the gaps in organisations securities which are making them easy targets for criminals and these numbers will only begin to decline if cybersecurity software becomes more humanised.

“UK businesses are ill-prepared when it comes to cyber-security, with all too many organisations turning a blind eye to the ineffective security measures they have in place, exposing themselves and their customers to vulnerability. Identity theft, conducted through “phishing” scams and electronic attacks, leads to a corporate network breach. A network breach, in the same way, leads to mass data becoming accessible by criminals to commit crimes using methods like “phishing”; it’s a vicious cycle. These simple threats have existed for decades but because firms are neglecting to consider digital security as a board level issue, the numbers are continuing to rise.

“It’s a sign of the times that cybercrime is only making its first appearance in this annual report, however, it’s not all doom and gloom; a recent PwC report highlighted that there are now more formalised and plentiful avenues for the exchange intelligence on cybersecurity threats and responses, with 65 per cent of respondents collaborating with third parties to improve their security measures. What’s more, 36 per cent of businesses now have a security strategy for the IoT; whilst this is encouraging, companies still need the ability to scale their security systems for what could be a vast influx of extra devices and data.

“The way to help the UK’s growing security issues is to make cybersecurity simple, fast and human. Having a holistic overview of your IT estate and reducing any exposed ‘attack surface’ is key to providing a more informed response. The devolution of direct responsibility for a company’s security can create problems. Right now, there is a need for an omniscient platform that can provide the mature insight of infrastructure that companies today need.”

Richard Brown, Director EMEA Channels & Alliances, Arbor Networks:

“The news that the crime rate is expected to rise by 40 per cent due to cyber offences highlights the growing threat of cyber-attacks in today’s digital world. As we become more connected and reliant on technology, it is clear that companies need to be doing more as attackers continue to evolve.

“In today’s threat landscape, organisations need to be vigilant and ensure they have the right security in place to deal with hackers. What’s becoming essential, especially for larger organisations and high-value targets, is having the ability to detect and contain threats quickly – even when they make it past the perimeter defences. This isn’t all about technology – although having the right tools helps – people and process are key in this.”

David Kennerley, senior manager for threat research, Webroot:

"The inclusion of cybercrime as a category in the Office for National Statistics is a step forward and shows that it is being taken seriously as a crime. There’s a common misconception that cybercrime is somehow victimless – this is far from the case. Recent attacks such as Dridex, which was used to steal £20m from UK bank accounts show just how damaging they can be to all parties involved.

"Protecting ourselves from cybercrime is a joint effort – the government must take action to reduce the reported 3.8m incidents of cybercrime, but consumers must protect themselves too.

"Simple measures such as using different passwords for different online accounts, keeping systems and applications up-to-date, disabling commonly exploited browser add-ons, using ad blocker software and taking extra care when opening emails will all help reduce the risk of an attacker gaining access to your personal details."

Image source: Shutterstock/lolloj