Official cyber crime figures are ‘tip of the iceberg’ warns bluedog Security Monitoring

New figures which report a fall in ‘computer misuse’ and a rise in fraud merely serve to show that the authorities are failing to grasp the true impact of cyber crime. That’s according to cyber security expert Tim Thurlings of bluedog Security Monitoring who suggests that the current figures disguise the full extent of the problem and demonstrate the need for more accurate ways in which to measure cyber crime.

The figures issued by the Office for National Statistics show that, according to the National Fraud Intelligence Bureau (NFIB), ‘computer misuse crime’ fell by 11% to 21,471 offences in the year ending September 2019, following rises in the previous two years. The NFIB figures include cases reported by businesses and other organisations.

Meanwhile, the Crime Survey for England and Wales (CSEW) estimates that, among the population as a whole, there were just over a million offences. This is unchanged from last year.

However, both sets of figures also show significant rises in fraud over the same period. According to the NFIB, the number of reported cases rose by 19% in the year ending September 2019, totalling 743,413 offences.

Fraud offences experienced by adults in England and Wales increased by 9% to 3.8 million according to the CFEW. This increase was driven mainly by a rise in ‘bank and credit account fraud’ which totalled 2.7 million offences.

Difficulty in defining cyber crime 

Thurlings, a former ‘ethical hacker’ who helped to develop the European TIBER threat intelligence framework, said: “These figures demonstrate the difficulties the authorities face in defining cyber crime. At present, we’re failing to capture the true extent of the problem. So-called ‘computer misuse’ is just the tip of the iceberg. I expect that cyber crime plays a role in many of the fraud cases, even though they may not be classed as such. For example, a lot of payment card fraud is now caused by attackers penetrating retailers’ IT networks and putting malware on their Point of Sale systems to capture customers’ card details.”

He continued: “Meanwhile, ‘authorised push payments’ – where victims are tricked into paying money into a criminal’s account – are often the result of phishing e-mails or phone calls and are a type of social engineering which is very much part of cyber crime.”

Thurlings went on to state: “It’s clear that the police and the finance industry are lacking know-how on what computer misuse is and how these attackers operate. As cyber crime has become complex and sophisticated, it’s also very difficult to place offences in one category or another. In many cases, cyber crime is indeed part of the mix. For example, criminals may also use phone calls to victims as part of the scam.”

In conclusion, Thurlings observed: “Certainly, we need better ways to measure cyber crime and understand its impact on business and society as a whole. Companies must be aware of the growing threat and understand that security should not be left to the IT Department. Rather, it’s now everyone’s responsibility.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts