UK Legal Businesses in the Cross Hairs of Cyber Criminals

UK businesses are being called out by the NCA to take the threat of cyber crime more seriously and work with the authorities to help sufficiently defend themselves against cyber criminals.

Cyber-dependent crime is on the rise in the UK, and businesses are increasing being targeted, according to the cyber crime unit of the National Crime Agency (NCA).

“If organisations and businesses don’t think cyber crime is an issue for them, it probably will become an issue fairly soon,” said Mike Hulett, head of operations for the National Cyber Crime Unit (NCCU), which is responsible for leading the UK’s law enforcement response to cyber crime.

Hulett oversees the most complex investigations into cyber crime in the UK, utilising intelligence from UK and international law enforcement agencies, other UK government departments and a range of industry partners.

“Cyber crime is something that should be on everybody’s radar in any organisation, and all businesses need to understand the massive scale of cyber crime, which was included for the first time in the latest Crime Survey for England and Wales,” he told Computer Weekly.

There were 3.6 million cases of cyber-originated fraud and two million incidents of cyber-dependent other crimes in the last year. However, others suggest that the real number of online fraud cases is unknown, and is likely to be much higher than the official figures as many incidents go undetected or unreported.

Despite the statistics, the media regular reports of breaches of well-known UK brands, including many legal businesses. Hulett concedes that there is still some complacency about cyber crime, particularly among smaller businesses.

“Most businesses will have insurance against things like fire and burglary, which are statistically much less likely to happen than a cyber attack, and yet relatively few have well-developed incident response plans and effective backup and business continuity mechanisms in place,” he said.

“Businesses also need to understand that cyber crime can take place anywhere, so while they may be in a location that has a relatively low crime rate, that does not mean they are any less likely to be targeted by cyber crime, because cyber crime is not confined by regional or national borders,” said Hulett.

“A phishing or spam campaign, for example, will typically be targeted at a .co.uk address, which could be anywhere in the UK, even in areas that have very low levels of traditional crime, because all data, wherever it is held, is valuable and will be targeted by criminals,” he said.

The cyber criminals targeting UK legal businesses can attack their victims from anywhere in the world, which creates challenges to businesses’ perceptions of how much of a risk they face.

“The criminals, victims, enabling infrastructure and cashing out mechanisms may all be located in different countries or even different continents, so dealing with that is a big challenge for law enforcement,” he said, adding that the UK has its “fair share” of cyber criminals.