According to DI Keane, greater collaboration is needed between Scotland’s businesses and law enforcement community to effectively tackle the ever-changing threat.
Data breaches are continuing to plague public and private sectors. An audit of cyber-theft in 2016 published by Financial Fraud Action UK found that card companies across the UK were only able to save £6 out of every £10 of attempted fraud.
Whilst this is a decrease from losses in 2015, DI Keane warned that cyber-threats are growing in severity and complexity.
“What I’ve seen in the last 6 years, and certainly in the last 6-8 months, is the growing sophistication of attacks.”
As the “usual suspects” of malware and phishing become more intelligent, few large organisations, let alone smaller firms, are suitably equipped to defend themselves.
Last year the Scottish Business Resilience Centre reported that 25% of internet users in Scotland had only a limited understanding of the threats they face online.
DI Keane said that recognising this was a step forward, but that companies and businesses are failing to follow-up and actively address the problem.
He cited the under-reporting of cyber-breaches as an obstacle that is preventing the authorities from assessing the true extent of cyber threats to the business community and, by extension, the wider public.
DI Eamonn Keane speaking at Scot-Secure 2017
“We really don’t know the scale of the problem of cyber-crime in Scotland and the UK. We’re making strides in regards to cyber-markers and such like, but we need to get a better picture of what’s happening and what’s hitting our infrastructures.”
If authorities and law enforcement are not given sufficient information to see the complete picture, then they are less able to combat the threat effectively.
This link between awareness and response also poses an issue for consumers. In spite of the rising profile of the cybercrime threat, the SBRC reports that 84% of internet users in Scotland believed that they had not been targeted by cyber-crime in 2016. In fact 69% had been targeted, which highlights a clear disparity between perception and reality.
The SBRC also found that 57% of victims of cyber-crime felt that the matter was too trivial to report. A further 57% believed that there was nothing that could be done.
But DI Keane believes that it is necessary for Scottish businesses to report cyber-breaches to the authorities. He notes that the police continuously share information between departments – but lack knowledge of the wider threats.
“We have something like 342,000 SMEs (small and medium enterprises) within Scotland. And when you’re not in the business of security and you’re in the businesses of kilt-making or tourism or whatever it is – that’s where the vulnerability is.”
“We need to get a lot more organised in regards to taking [malicious] activity out of the infrastructure. And that’s where I appeal to industry and academia – law enforcement cannot do this on their own.”
We cannot legislate for what we don’t know
“We cannot legislate for what we don’t know. I would encourage you, even if it’s only for information purposes – please engage with us.”
DI Keane believes that by working and communicating openly when a breach occurs, authorities can better prepare cases and future-defences.
One of the ways that this could be achieved is by nurturing Scotland’s digital talent. The Cyber-Security Division of Police Scotland has liaised with all 15 of Scotland’s universities, including Napier University’s Cyber Academy on a number of interactive projects. These events also include hosting a hackathon at the University of Glasgow.
For those already in a profession, the Cyber Essentials scheme has been developed by the Scottish Government to advise organisations on how to mitigate the chances of a breach. The programme’s hygiene methods include a 3-point-plan where companies self-assess their systems and are tested independently.
collaborative communities already exist, but are not given enough coverage.
DI Keane also noted that collaborative communities already exist, but are not given enough coverage. The Cyber-security Information Sharing Partnership (CiSP) is one such community, where members can exchange information on cyber-threats that they have experienced, furthering R&D.
DI Keane referred to Operation Avalanche as an example of what open discussions can achieve. Last December malware and money mule network Avalanche was dismantled after a 4 year investigation by Europol. Over 30 countries shared information, leading to 5 arrests and the closure of over 800,000 domains.
But DI Keane conceded that these success stories can only be born from collaboration. The police need a good picture of the landscape before effective countermeasures can be developed.
DI Keane said: “The building blocks of the internet are ever-more vulnerable, the engineering behind the internet is ever-more vulnerable.
“Counter-intelligence is very important, and if that is available to you free of charge, why not use it?”