Office of National Statistics (ONS) has just released its latest fraud and cyber crime statistics, which analyse data up to September 2017. The results show an improvement for consumers, and suggest that cyber criminals are turning their attention to organisations, which are more profitable. Key findings include:
- Offences involving computer misuse against consumers showed a 24% decrease from last year’s survey, due to a fall in consumer targeted viruses
- However, Action Fraud, which include businesses in their data, reported a significant rise of computer misuse by 63%, with cases involving computer viruses rising by 145% (citing major attacks such as WannaCry as the cause for this rise)
- Fraud offences against the general population have fallen by 10% overall compared to last year, driven by a 20% drop in online retail fraud and fraudulent computer service calls
IT security experts commented below.
Andy Waterhouse, EMEA Director at RSA Security:
“While it’s great to see that hackers are starting to draw their attention away from consumers, organisations and UK infrastructure are facing tougher conditions than ever as hackers chase greater profits. The aftershock from major ransomware attacks last year such as WannaCry and NotPetya is evident. These highly-weaponised threats now have the ability to replicate and spread at an unfathomable pace, putting critical UK infrastructure and businesses at risk with every attack.
“In this post-WannaCry world, both consumers and organisations need to do more to assess their data, identify their most valuable assets and protect these ‘crown jewels’ as best they can through a mix of multi-factor authentication, strong and unique passwords and a greater level of education on cyber skills. Free public services such as Get Safe Online and Action Fraud are a great starting point for those looking to get protected, improve their cyber-savviness and ensure hackers can’t steal, extort or profit from your information.”
Tim Ayling, Director, Fraud & Risk Intelligence at RSA Security:
“Despite a marginal drop in recorded cases, it’s clear from the CSEW results that cyber criminals are still having an online fraud frenzy, as criminals continue to profit from posing as major retailers, banks and brands online to trick you into giving up valuable personal and financial data. In the near future, as more automated services such as virtual assistants and driverless cars have access to this data and make our purchases for us, cyber fraudsters will even start to target our non-human counterparts. Before this becomes a reality, it’s vital users get a handle on who has their information, and how they are protecting it now as we move into uncharted territory of ‘human-not-present’ fraud.
“In general, users should avoid clicking on links to websites from emails, if it is from an unknown source. Instead, search for the website using an engine. Secondly, always be sure to check the URL of a site you’re visiting to make sure that the it is correct before entering any details – often with spoofed sites there will be a few letters in the wrong place that will give clues that it is not official, the devil really is in the detail. Thirdly, check the address bar to ensure you are visiting a secure site, and that no warnings appear in your browser. Lastly, if you have any doubts, check official company websites for a phone number, and call to get validation before sharing any personal information.”
The data is gathered for a year up to September 2017 by the Crime Survey for England and Wales (CSEW), and this is the second year the results have been published as part of the wider crime survey, as the lines blur between cyber crime and physical crime.
Fraser Kyne, EMEA CTO at Bromium:
“The good news is that overall computer misuse is down. However, it is interesting to see that Action Fraud – which is typically more business focused than consumer – is reporting an increase of 63%. This isn’t surprising given the spate of ransomware and Trojan attacks last year, which were targeted at businesses. Unfortunately, this doesn’t really come as much of a surprise. Last year was a year of mega-breaches that made clear how far ahead the bad guys are compared to the security industry. Businesses were shut down for long periods of time, too many ransoms were paid, the bad guys got richer and the security industry looked on, often powerless, as its tools were rendered useless by new and constantly evolving techniques.
It is worth noting though, that this is only a reflection of reported crime. Reports can only tell us what we know about (i.e. what has been detected and reported). These detected events prove that things are getting in; so we must also assume that things are getting in that are remaining undetected too. This is why we need tools that can protect us from the things that we can’t see/detect. Cybercrime will continue to flourish as long as the security industry remains reliant on detection-based security tools. With cybercriminals becoming more and more successful every year, we have to admit that the detection model is broken. The industry must respond with new ways of defending enterprises and the public at large to ensure that we don’t see the continued rise of cybercrime. Virtualisation can provide this protection to enterprises. By running applications within their own completely isolated virtual machine, you can ensure that any malware directed at businesses is contained to that environment, unable to escape and infect the rest of the system.”