Time to lock down the cyber criminal threat

Jun 30 2009 by Karen McLauchlan, Evening Gazette

The Government’s new cyber strategy aims to ward off internet fraudsters who cost firms millions of pounds each year. But in Tees Valley the fight has already begun, as JEZ DAVISON discovered...

THE cyber criminal is on the march.

New technologies and the social networking revolution have created a new army of internet fraudsters capable of sophisticated stealth attacks on online security.

Last year cyber criminals targeted an estimated 4.7m computers in Europe, the Middle East and Africa, according to security firm Symantec.

And Tees Valley businesses are being caught up in the cross-fire.

Annually cyber crime costs the global private sector as much as $1 trillion US dollars and Britain’s SMEs (small and medium-sized firms) up to £5,000 each.

While the internet has revolutionised trade and given rise to a host of networking platforms - for business and pleasure - it has also created an enlarged space for criminals to carry out their work.

The Government has launched a counter-attack by announcing a new national cyber centre, which will bolster Britain’s defences against the potent power of internet hackers who have turned online trading into a minefield.

More than half of respondents to a Federation of Small Businesses (FSB) survey said they had been a victim of fraud or online crime, while 26% said they were deterred from trading over the internet because of the fear and risk of online fraud.

Angus Marshall, senior lecturer in forensic science at Teesside University, says online fraud could seriously undermine the long-term growth of online retailing.

He says: “Mistrust is developing among consumers. People will buy from Amazon because it’s a well established brand but a new retailer setting up might struggle.

“It (cybercrime) is not an easy problem to solve because the internet is largely deregulated. It’s easy for miscreants to be effectively anonymous.”

New technologies have enabled the cyber criminal to hack into apparently secure sites, meaning that basic protective measures are no longer enough.

Emma Simkins, managing director of Towergate Risk Solutions Teesside, says that firms should consider access control, data encryption and secure password practices to minimise their risk, as well as looking at other measures such as staff training.

And local firms have been taking her advice by brushing up on their cyber knowledge and skills.

In the last year around 140 staff including detectives, forensics specialists and insurers have enrolled on fraud-related courses after getting in touch with Teesside University’s Centre for Fraud and Financial Crime.

Programme director at the centre, Fred Hutchinson, says the corporate world needs a deeper understanding of fraud and the way in which e-criminals operate.

“Any new technology provides an opportunity for new crime,” he says. “It’s very difficult for SMEs to protect their intellectual property.”

The problem is trying to work out where the next cyber attack is coming from - especially with fraudsters creating new crimes that companies have never encountered.

“We’re always responding to yesterday’s fraud, rather than tomorrow’s. That’s what makes it so difficult to track,” says Mr Hutchinson.

But local bosses claim that if they cannot solve the problem, they can at least reduce their exposure to it.

Diane Ellis of Sedgefield-based PR firm Peter Troy The Publicist, has stopped being hit by trojans and worms - forms of viruses - since installing free AVG anti-virus software from the internet.

She also deletes e-mails that contain unusual attachments.

“The simple message is: be careful,” she says. “If it looks dodgy, I won’t open it.”

Her caution is mirrored by many others, with cyber crime widely regarded as one of the most serious security issues facing business.

Michael Grayson, a forensics expert at Darlington accountancy firm Clive Owen & Co, says that 60% of his cases involve “a cyber element”.

And he warns recession-hit firms not to slash their crime protection budgets to save a few pennies.

“Could your business afford to lose out through online fraud? When things are so tight, as they are now, fraud could be the difference between survival and failure.”

Efforts to fight cyber crime are being headed by the North East Fraud Forum (NEFF), a public-private intelligence partnership involving Teesside University and Northumbria, Durham and Cleveland Police.

The forum is seeking funding to establish a dedicated cyber crime research centre at Newcastle University and is promoting the safer use of digital content through the Hadrian project - a consortium of police, business, colleges and universities.

Its work has attracted praise from global technology giant Microsoft, which hailed the region as a trailblazer in tackling cyber fraud.

But forum bosses are far from complacent.

Chairman Alan Brown says: “We don’t know what we don’t know. We are trying to get companies to take more responsibility for their IT security.”

He claims companies could benefit by calling on “mystery shoppers” to test the strength of their IT security.