Cyber criminals and fraudsters got a big wake-up call in the UK last week when the National Crime Agency (NCA) arrested nearly 60 individuals in a raid that stretched throughout England, Scotland and Wales. The BBC reported that in all, 25 operations took place during the week of 1-8 March.
The sweep caught up suspected hackers, fraudsters, virus-writers, digital thieves and other alleged criminals. The BBC report even included an eyewitness account from one of the operations – the following comes from their technology correspondent Rory Cellan-Jones:
I was with one of the teams from the National Crime Agency as they carried out an arrest this week at a flat in north London. One group had tracked the suspect, a 21-year-old student, all the way back from university 40 minutes away.
The arrest had some of the drama of a classic police operation - "Go! Go! Go!" came the command over the walkie-talkie as we approached the suspect's flat. But no doors were kicked in, and there were no shouts of "You're nicked!" The priority was to make sure any computers were seized before they could be shut down or their data encrypted.
Teams arrived with equipment to gather data, and found a laptop and a desktop computer, both of them online. One officer was employed simply keeping her finger on the laptop's trackpad to make sure it didn't go to sleep. Later, police cyber-specialists would spend many hours examining exactly what was on the two computers.
At Cifas, the UK’s Fraud Prevention Service, Chief Executive Simon Dukes issued the following statement:
“Fraudsters are sophisticated and will use every chance that they get to pilfer funds from individuals and organisations. This strike by the NCA sends a positive message that the UK is not a safe place for online criminals to operate. But these arrests are just the first step. The public must have faith that where these crimes have occurred they will be prosecuted, and that fraudsters and online criminals will be punished appropriately…”
Some of the biggest risks are those facing corporations, smaller businesses and any organizations that store data. This could comprise customer or client information, intellectual property (IP) or financial details. At CRI Group, our experts have placed an emphasis on providing services for organizations to help them:
1) Assess risk levels. What parts of an organization’s data storage are insecure? How would a cyber criminal go about stealing sensitive information? Sometimes the most obvious weaknesses are the most difficult to recognize.
2) Secure data. Busts such as the one in the UK demonstrate that cybercriminals are using more and more elaborate and technical means to commit their crimes. Protections must be more sophisticated and properly implemented.
3) Measure results. Implementing proper data security protections is not a one-time thing. Processes must be measured and evaluated for effectiveness on a regular basis. Otherwise, they become obsolete and may simply create a false sense of protection.
The UK’s cyber criminal sweep is a move in the right direction, no doubt. But it represents just a drop in the bucket in terms of the number of potential threats are lurking online across the globe. In today’s business climate, organizations must take it upon themselves to seal their doors to thieves – or risk losing their information and their customers’ trust.