SPEAKING in Budapest, the Foreign Secretary William Hague recently announced that cyber-crime is “one of the greatest global and strategic challenges of our time”. In July, the director general of the Security Service Jonathan Evans stated that cyber security ranks alongside terrorism as one of the four key security challenges facing the UK. There is no getting round the fact that nationally and globally we need to raise our game.
And I’m not talking about short-term investment and one-off security reviews. The only way we can get to grips with cyber-crime is by taking a long-term strategic approach.
In saying that “it has never been easier to be a cyber-criminal” the foreign secretary hammered home the point that the time for sitting on the sidelines debating how much time and resources can be spared is well and truly over. His statement should send a chill down all our spines – especially those running British companies. After all, businesses are in the eye of the storm, last year picking up three quarters of the UK’s £27bn cyber-crime bill. Evidence suggests things will get even worse.
It is important to recognise the steps that the financial sector is taking to get its house in order, exemplified last week when banks participated in the European Union’s biggest financial security exercise.
But still, a walk through many offices will reveal employees working on computers equipped with USB and DVD drives that have write capability as standard, as well as office infrastructures with little partitioning of data to limit access based on appropriate need and security clearance. Cloud computing, social media and remote devices all offer new business opportunities, but also provide different ways for fraudsters to compromise company systems.
Some senior executives are still not engaging with the dangers facing their organisations – only signing-off investment to combat what they perceive to be the existing threat, while technology is moving so quickly that a new and more formidable foe is already knocking at their doors. Boardrooms must move beyond the quick fix and instead seize the initiative and look for a fresh approach to the issue of data security and the future fraud threats coming from the internet.
Hague has announced that the government is spending £2m on a new cyber-crime centre and the Home Office has already placed economic crime as one of the four pillars of the new National Crime Agency. These are important steps and I look forward to my force assisting in their development. At the City of London Police we are part of the International Cyber Security Protection Alliance, set-up to help governments, law enforcement and businesses get a head-start on cyber-criminals. Closer to home we are confronting frauds exploiting the latest technologies, supported by our National Fraud Intelligence Bureau’s cyber-crime desk.
While it is vital that we think big and look beyond our shores to face-down this criminal epidemic, we must also all take responsibility for keeping our own house in order.
Adrian Leppard is commissioner for the City of London Police.