Met Police and NCA: UK businesses are not helping fight cyber-crime

Met Police and NCA: UK businesses are not helping fight cyber-crime

Illustration

This post is also available in: heעברית (Hebrew)

Illustration
Illustration

Two of the UK’s top cyber crime-fighters have accused financial institutions and other companies of failing to share information about cyberattacks because of ‘mutual suspicion’ between police and the private sector.

Met Police Commissioner Sir Bernard Hogan-Howe and Donald Toon, director of the economic crime command at the National Crime Agency (NCA), both told the World Cities Conference in London last Thursday that getting businesses to share evidence of attacks is a vital issue for law enforcement, as it emerged that cyber-crime reports rose 54% in the last year.

Separately, NCA’s Donald Toon told the conference: “There’s a real issue around co-operation between some parts of the private sector and law enforcement. For too long there has been a degree of mutual suspicion.” This, according to the Wall Street Journal.

Toon said UK banks with operations abroad are loathe to share information regarding money laundering and cyber crime, because of national anti-money laundering and national data protection laws.

Hogan-Howe told the conference: “Organizations have control rooms running 24 hours a day to fend off attacks, often against state actors, but rarely will they share that information with the police.

iHLS Israel Homeland Security

“They say the police will be overwhelmed. I tell them that if they don’t tell us, I can guarantee we won’t do anything about it. It’s vital they share that information with us.”

Hogan-Howe added: “Of course, businesses are concerned about shareholder value, and we’re all concerned that the reputation of our organizations are intact. But the only person who benefits from that confidentiality and that discretion is the criminal who attacks us, or the state actor who may be involved.”

John Walker, visiting professor at Nottingham-Trent University and director of cyber security consultancy ISX told: “They are absolutely spot on. First of all, commercial organizations are not gathering information as they should. It’s one of those black arts which has got to be corrected – because until the commercials all get into a position where they’re feeding into a central repository about the amount of attacks they’re seeing and where they’re coming from, we’ll never get anywhere.

“I’m absolutely sure law enforcement will treat that information with confidentiality. We need to get commercial organizations telling the police and National Crime Agency what’s going on because that is the only way we’re going to get a big picture – and until we get that big picture we will never ever be in a position to curtail this threat.”