The cost of cybercrime to the UK economy is estimated at billions of pounds per year and growing, surpassing the cost of traditional crime, the National Crime Agency reported following a recent assessment.
After a significant rise in Distributed Denial of Service (DDoS) and Ransomware attacks in the UK in 2015, with 2.46 million cyber incidents and 2.11 million victims, the agency warns of “substantial loss of revenue and margin, of valuable data, and of other company assets,” unless law enforcement and enterprises form a partnership to improve cyber awareness and fight the criminal networks.
“Policing, especially in cyberspace, is no longer the exclusive preserve of law enforcement. The private sector, academia, and citizens themselves all need to be involved,” the INTERPOL said in January.
Cybercrime offers multiple possibilities for fraud, theft and trade of stolen data on the black market. Cybercriminals are part of more sophisticated international crime groups that use complex strategies to target businesses. They work based on organizational structures and are believed to be responsible for the most sophisticated financial “Trojan” malware with the variants DRIDEX, NEVERQUEST, and DYRE/DYREZA.
“The most advanced and serious cybercrime threat to the UK is the direct or indirect result of activity by a few hundred international cyber criminals, typically operating in organized groups, who target UK businesses to commit highly profitable malware facilitated fraud,” the report reads. “These cyberattacks include attacks directly targeting business systems and attacks against individuals, although those targeting individuals can also impact upon business (e.g. through customers and supply chain vulnerabilities).”
In spite of all efforts focused on educating users, private individuals are still the weakest link, as they are often negligent in protecting their activity and devices from malware, creating an abundant source of infection for businesses.
Besides untrained users, under-reporting is another serious problem as many companies discover breaches and attacks too late, while some managers are either afraid to inform their superiors about attacks or feel it is more convenient to pay up and solve matters quietly.