New figures which report a fall in ‘computer misuse’ and a rise in fraud merely serve to show that the authorities are failing to grasp the true impact of cyber crime. That’s according to cyber security expert Tim Thurlings of bluedog Security Monitoring who suggests that the current figures disguise the full extent of the problem and demonstrate the need for more accurate ways in which to measure cyber crime.
The figures issued by the Office for National Statistics show that, according to the National Fraud Intelligence Bureau (NFIB), ‘computer misuse crime’ fell by 11% to 21,471 offences in the year ending September 2019, following rises in the previous two years. The NFIB figures include cases reported by businesses and other organisations.
Meanwhile, the Crime Survey for England and Wales (CSEW) estimates that, among the population as a whole, there were just over a million offences. This is unchanged from last year.
However, both sets of figures also show significant rises in fraud over the same period. According to the NFIB, the number of reported cases rose by 19% in the year ending September 2019, totalling 743,413 offences.
Fraud offences experienced by adults in England and Wales increased by 9% to 3.8 million according to the CFEW. This increase was driven mainly by a rise in ‘bank and credit account fraud’ which totalled 2.7 million offences.
Difficulty in defining cyber crime
Thurlings, a former ‘ethical hacker’ who helped to develop the European TIBER threat intelligence framework, said: “These figures demonstrate the difficulties the authorities face in defining cyber crime. At present, we’re failing to capture the true extent of the problem. So-called ‘computer misuse’ is just the tip of the iceberg. I expect that cyber crime plays a role in many of the fraud cases, even though they may not be classed as such. For example, a lot of payment card fraud is now caused by attackers penetrating retailers’ IT networks and putting malware on their Point of Sale systems to capture customers’ card details.”
He continued: “Meanwhile, ‘authorised push payments’ – where victims are tricked into paying money into a criminal’s account – are often the result of phishing e-mails or phone calls and are a type of social engineering which is very much part of cyber crime.”
Thurlings went on to state: “It’s clear that the police and the finance industry are lacking know-how on what computer misuse is and how these attackers operate. As cyber crime has become complex and sophisticated, it’s also very difficult to place offences in one category or another. In many cases, cyber crime is indeed part of the mix. For example, criminals may also use phone calls to victims as part of the scam.”
In conclusion, Thurlings observed: “Certainly, we need better ways to measure cyber crime and understand its impact on business and society as a whole. Companies must be aware of the growing threat and understand that security should not be left to the IT Department. Rather, it’s now everyone’s responsibility.”