Large tech firms, social media companies and internet service providers (ISPs) could be vital in preventing cyber-fraud, according to a new report.
Published by the Royal United Services Institute (RUSI), the paper, titled The UK’s Response To Cyber Fraud: A Strategic Vision, claims that cyber fraud in the UK is a “rampant” issue that costs the UK taxpayer millions of pounds.
A key finding of the report is that Covid-19 and the shift to home working have exposed the country’s vulnerability to cyber-crime.
According to the report, large tech firms have the capacity to combat these threats through things such as cybersecurity and risk management and the tools to remove malicious domains and malware from the internet.
As well as this, firms can build safer services and products for users, and “enrich” the cyber threat intelligence available to investigators of cybercrime in general.
However, the paper also acknowledges the “trade-off between detecting crime and prioritising functionality and accessibility” for private firms and suggests that the government should do more to combat emerging cyber-threats.
The report highlights that the responsibility of tackling cyber-fraud also falls on law enforcement agencies and financial institutions and involves “multiple stakeholders with various responsibilities, capabilities and incentives”.
DIGIT’S 2021 #virtualevents calendar:
📅 #MarTech Summit https://t.co/JkViHnOzbF Wed 24 Feb
📅 ScotSecure #CyberSecurity Summit https://t.co/JaD886wGh9 24/ 25 Mar
📅 #DigitalEnergy Summit https://t.co/thGSfrBqlM 22 Apr
📅 DIGIT #Leader Summit https://t.co/alC1xjRvtW 26 May pic.twitter.com/XXGqh5Braw
— DIGIT (@digitfyi) January 18, 2021
One of the most prevalent issues for stakeholders working in these sectors is the difficulties in data sharing between public sector and private sector firms, according to the paper.
A section from the report says: “When asked to list the three most significant challenges in tackling cyber fraud overall, information sharing between law enforcement agencies and financial institutions was the most common response (54% of respondents listed this in their top three), followed by prosecuting perpetrators (52%) and protecting vulnerable people (44%).”
On top of this, 52% of respondents said they believed information-sharing mechanisms to be “poor or very poor” while only 12% said that the main priority of financial institutions is to share information with other financial institutions or law enforcement agencies.
Another question raised by data sharing and the inclusion of private firms in combating cyber-fraud is ethics. The role of private firms is very different from that of a public institution a law enforcement agency, so they have no obligation to help.
- Trustpilot removed 2.2m fake reviews, report shows
- CyberScotland week returns today with over 130 online events
- Firms must ‘master change’ to define the future of tech post pandemic
Jordan Schroeder, Deputy Managing Director & Managing CISO at HEFESTIS, believes that the power of big tech firms creates an ethical and moral question that is difficult to answer.
“Does a company, being engaged by people as a conduit to be a threat to others, have a responsibility to stop the threat? Or should they act as if they are the open air of the public square?” he said.
“The one fact that every society must face is that bad things will always happen. There is no way to stop all threats. And perhaps someone might have been in a place to stop the threat, but that does not mean that someone, or that company, must always assume the responsibility for proactively seeking to know if they are in a place to stop a threat.
“When someone knows, then they have a clear responsibility. But storing information and knowing something are very different things.”
RUSI last month warned fraud has reached “epidemic levels” and called for the crime to be prioritised as a national security issue with a greater role for the intelligence services.