Disclosing a Cyber-Crime to the Authorities:
Should you do it?
What are the risks?
PRESENTED BY:
DAVID CLARKE TODAY ADVISORY SERVICES FOUNDER AND FORMER DIRECTOR OF NATIONAL FRAUD INTELLIGENCE BUREAU UNITED KINGDOM
Copyright © Today Advisory Services, All rights reserved
https://www.linkedin.com/pub/david-clarke/10/816/28b
Overview
• Current trends in cyber attacks against individuals and businesses
• Options for reporting and the response from the Authorities
• Risks, issues and benefits of disclosing an incident
• The good, bad and ugly: recent case studies
• Best practice policy & procedure for disclosing incidents to the Authorities
About me
• Former Senior Police Detective
• City of London Police, UN International Police
• Police Representative on the UK Attorney General-Led Fraud Review
• Founder and Director of the UK National Fraud Intelligence Bureau (NFIB)
• Today Advisory Services: consultancy and multilingual compliance support services
• Senior Advisor, AMLiss™
• Today Translations, Risk & Compliance: ISO 27001, ISO 9001
Terminology: Dependent or Enabled? Crime or Incident?
Cyber-dependent crimes are offences that can only be committed by using a computer, computer networks, or other form of ICT. Acts include the spread of viruses and other malicious software, and DDoS.
Cyber-enabled crimes are traditional crimes that are increased in their scale or reach by the use of computers, computer networks or other ICT. They can still be committed without the use of ICT. Examples include fraud, theft, harassment and child exploitation.
1. Current trends in cyber attacks against individuals and businesses
Washington, Hollywood and Romance
https://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
• Victimisation surveys indicate that only a small proportion of internet users report being victims of cyber-enabled frauds. This suggests that the public largely ignore unsolicited communications, although victims may not perceive themselves as ‘victims’ if a loss is refunded by a bank.
• ‘Insider-threats’ are a prominent issue reported in business surveys. However, the limited evidence available is mixed on whether they are a bigger problem than outsider attacks.
• Despite concerns over personal data and security, consumer online confidence appears to be growing and users continue to transact online.
Size of the Problem – Cyber Enabled: Fraud and Theft
UK Home Office, Cyber Crime: A Review of the Evidence, October 2013
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246749/horr75-summary.pdf
• In 2011/12 over one-third (37%) of adult internet users reported experiencing a negative online incident in the past 12 months, but these experiences would often be below the threshold of a recorded crime.
• Almost one-third (31%) of adult internet users in 2011/12 reported receiving a computer virus in the past year (ONS, 2012b)
• Anti-virus providers generally conclude that security ‘attacks’ globally are in the billions and levels are increasing.
Size of the Problem – Cyber Dependent
UK Businesses: Security Breaches Survey 2015 (UK Government IS Breaches Survey 2015)
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/432413/bis-15-303_information_security_breaches_survey_2015-executive-eummary.pdf
Cost of Cyber Crime
• The most costly cyber crimes are those caused by malicious insiders, denial of service and web-based attacks. These account for more than 55 percent of all cyber crime costs per organization on an annual basis (Ponemon Institute, 2014).
• The average time to contain a cyber attack was 31 days, with an average cost to participating organizations of $639,462 during this 31-day period (Ponemon Institute, 2014).
Source: UK Government IS Breaches Survey 2015
2. Options for reporting and the response from the Authorities
Statutory or Voluntary?
https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11
2. The Response from the Authorities
• Fraud and cyber reports made to Action Fraud
• NFIB response: actionable crime or intelligence?
• Local police action
• Metropolitan Police Operation Falcon
• International partners
• NFIB’s Cyber Hygiene programme
http://www.met.police.uk/docs/cyber-crime.pdf
http://democracy.cityoflondon.gov.uk/documents/s50727/Appendix%201.pdf
3. Risks, issues and benefits of disclosing an incident
Arguments for and against disclosure:
• There’s a threat to life or property, and the Authorities have powers to protect us.
• We’re regulated, and we face legal or regulatory sanction if we disclose.
• We’ve dealt with it; if we report, it may become public and harm the brand or give an advantage to the competition.
• The insider has gone and has signed a Non-Disclosure Agreement. No one will know.
• A confidential disclosure may protect us in the future.
• Failure to disclose now may bite us in the future.
The Legal Perspective
“Of all the fraud types, cybercrime is the one area where identification of the perpetrators and recovery of loss is all too often an uphill struggle. With organised crime able to move monies or information swiftly once extracted, recovery of the loss is often difficult and focus immediately is ensuring the cyber attack is stopped.
We advocate that resource is provided to focus on prevention and awareness so that employees understand the risks. After all, you can invest in expensive firewalls and software to protect your business but your best form of defence is your people and their awareness of the risks.”
Arun Chauhan, DWF LLP
Nip it in the bud (防微杜渐)
Reputational Management Perspective
“You need to think about the reputational impact – not just the legal position – lawyers are paid to be cautious, but good lawyers and good corporate advisors understand that how you are seen to respond to an issue can be more important in the long run. Never underestimate the damage that can be caused to a business by a reputational impact.”
Liam Herbert, Chelgate
4a. The Good: The Key-logging Stalker
• Boyfriend in Europe, obsessed with his girlfriend, grabs her social logins at home
• Girl ditches boy
• Boy hacks into the girl’s work PC via social
• Sends offensive message to a company client via the girl’s email
• Forensic examination
• Crime report to UK police
• Joint operation
• Boyfriend arrested and prosecuted
• Lessons learnt
• Action taken
4b. The Not-So-Bad: Identifiable Hackers
• UK/US company in the regulated sector identified malware on its systems and suspected it was installed by an insider.
• Forensic examination and further investigation identifies a suspect coder in the Balkans and several persons of interest in the UK.
• Regulatory reporting requirements.
• Intelligence report to the NCA, UK police and the Regulator.
• Intelligence recorded and developed by police.
• Insider risk mitigated.
• Lessons learnt and applied.
4c. The Bad and Ugly: Identifiable Hackers
• UK entrepreneur develops an innovative crowdsourcing and investment platform with £100k+ personal investment.
• 2 years’ work with one developer and a “casual acquaintance” of his.
• Prototype launch to an audience of investors.
• Acquaintance hacks into email accounts and sends a string of offensive messages to users.
• Crime report to UK police identifying the offender in the UK.
• Intelligence recorded. No further action (NFA).
Protecting Your Business
Source: UK Government IS Breaches Survey 2015
5. Best practice policy & procedure for disclosing incidents to the Authorities
• Get senior management buy-in – they understand the risks they face
• Establish incident response capability
• Provide specialist training
• Define roles and responsibilities
• Establish data recovery capability
• Test the plan
• Decide what information to disclose and with whom
• Collect post-incident evidence
• Educate users
• Report crime
https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11
If you don’t disclose, others might
https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11
Small Print
Disclaimer: The views expressed in this presentation are those of the Presenter and may not represent those of Today Advisory, Today Translations Ltd and its affiliated companies. The information and materials contained, including any ideas, opinions, predictions, forecasts and suggestions expressed or implied in this presentation and accompanying commentary, are for informational or educational purposes only and should not be construed as legal, financial or other professional advice. While the information provided is believed to be accurate, it may contain errors or inaccuracies and should not be used as a basis for making business or investment decisions. Any advice or information received via this presentation should not be relied upon without consulting primary or more accurate or more up-to-date sources of information or specific professional advice. You are recommended to obtain such professional advice where appropriate. The Presenter and Today Translations Ltd accept no liability and will not be liable for any loss or damage arising directly or indirectly (including special, incidental or consequential loss or damage) from your use of this information, howsoever arising, including any loss, damage or expense arising from, but not limited to, any defect, error, imperfection, fault, omission, mistake or inaccuracy with this presentation, its contents, commentary or associated services. References in this presentation to any products, events, organisations or services do not necessarily constitute or imply the Presenter’s or Today Translations Ltd’s endorsement or recommendation of them. Any external links or hypertext links from this presentation exist for information purposes and are for your convenience only.
The Presenter and Today Translations Ltd accept no liability for any loss or damage arising directly or indirectly (including special, indirect or consequential loss or damage) from the accuracy or otherwise of materials or information contained on the pages of such sites. The inclusion of hyperlinks to web pages does not imply any endorsement of the materials on such sites.