RUSI has published its report on the UK and cyber fraud this month. It makes stark reading. One of the contributors to the report, former National Coordinator for Policing Economic Crime, Commander Stephen Head, referred to cyber fraud as ‘near endemic’ in the UK. Too often referred to as a ‘victimless crime’, cyber fraud is nothing of the kind. It does untold psychological harm to its victims, many of whom are also left destitute or robbed of their life savings. And cyber fraud does not just target individuals, it targets organisations too, both in the private and public sector, costing the economy millions of pounds annually. For many criminals, cyber fraud looks a low risk, low-entry level and highly lucrative enterprise, particularly during this pandemic. The challenge, as the report highlights, is to make it less attractive.
The report puts forward 11 recommendations, focused primarily on:
– improved capability to disrupt criminal networks engaged in cyber fraud;
– enhanced awareness raising and education for private citizens and organisations;
– better sharing and integration of data across agencies, government departments and
– improved procedures to enable the private sector to share information with LEAs;
– more structured and formalised training for law enforcement online investigators;
– and acknowledgement of private companies’ role in helping to disrupt criminal
Information sharing is rightly highlighted as critical and underpins so much of RUSI’s proposals. Rich picture intelligence provides a better understanding of the criminal networks engaged in cyber fraud and how to disrupt them. It also enables agencies such as the NCSC and NCA to update and improve the advice they provide to potential victims, both individuals and organisations, about the techniques criminals use to dupe them. The report notes that current privacy regulations can impinge on information sharing between international partners, a particular challenge given the transnational nature of much cyber fraud. This will be an area of particular focus, particularly in the aftermath of Brexit, as well as Schrems II, which has seriously undermined the process of sharing data with US law enforcement through Privacy Shield.
Reliance ACSN advisory board member Dr Victoria Baines peer-reviewed the report for RUSI’s cybersecurity research team. For her, the report highlights key areas for improvement in the cross-sector response to cyber fraud, particularly when it comes to support to victims:
“Traditionally, law enforcement has countered cybercrime and fraud separately, reflected in the structure of police forces to this day. But businesses faced with an attack or a breach need clarity on where to report, and where they can find support in a crisis. RUSI’s report not only sets out these issues clearly, but also provides achievable recommendations for a strategic approach to the problem. I look forward to its implementation by the government and its partners.”
We all have a role to play in fighting cyber fraud, particularly in raising our individual and collective awareness of the threat, being much more circumspect about cold approaches over media and reporting scams and fraudulent approaches to the UK authorities (we recommend highly NCSC’s firstname.lastname@example.org). The report also highlights the opportunity managed security service providers have to contribute to that awareness and to enable greater insight into cyber fraud through our threat intelligence activity. This is a responsibility we at Reliance acsn embrace. We commend this report as an impressive strategic vision on countering cyber fraud in the UK.