News Ticker

If Victims of Cyber Crime Fail to take Security Risks, they are “Low Priority”

  • Victims of Cyber Crime a “Low Priority”
  • New approaches to be adopted in terms of Cyber Crime by the Law Enforcement

 

Original Author: Assent Risk Management
Original Links: N/A

 

Cardiff University have created a report for the City of London Corporation. This has been supported by the City of London Police. It suggests that the new approaches must be adopted by law enforcement to block the mounting problem of economic cyber crime.

A controversial point of this report is that cyber crime victims who fail to take security measures should be treated as a lower priority by police than others who have taken action to improve their security.

“For some individuals it is arguable that they should not receive scarce Pursue policing resources because they have not exercised due diligence on their own behalf”, said the study authorised by the City of London Police and the City of London Corporation, who run the Square Mile.

Dr Mike Levi, the lead author and Prof. of Criminology at Cardiff University revealed “This report provides new data and analysis around the scale of this activity and offers a comprehensive view of the challenges facing the policing and law enforcement responses. It appraises the success of different approaches to preventing and addressing crime, and presents practical suggestions with a focus on partnership-working, education and awareness-raising, information-sharing across industry, and intelligence-led policing.

“The risks of being defrauded by criminals using the internet will continue to increase unless more is done to protect ourselves and others. As crime changes, so must approaches to its policing.”

 

Positive Suggestions

Some positive aspects in this report are that;

  • Citizens should be better educated on the risks of cyber crime, making it easier for them to be protected.
  • Organisations should review what they really need to have connected to the Internet.
  • There should be greater coordination across police forces and other key bodies, nationally and internationally – including the National Crime Agency, Intellectual Property Office and Trading Standards as part of the wider policing family, as well as international partners.
  • Law enforcers should place a greater focus on disruption tactics – such as identifying and shutting down fraudulent websites – over traditional reporting and investigating.
  • Building on existing efforts of a joined-up approach to policing economic cyber crime, addressing those crimes that by volume, value, harm and/or severity of threat, and identification of the organisation and location of perpetrators, appear to pose the biggest risk.

 

Awareness In The Business

As a business you must remember that it is in your own interests to ensure all employees practice and know good information security at home and in the office. It’s not uncommon for staff to access their corporate networks on their personal devices. If they are not trained on security basic threats then they are very likely pose a threat.

To reduce this threat, organisations should deliver regular information security training programs for staff to aid them with knowledge that they need to know (eg secure content) and urge them to transmit the knowledge of information security to their family and friends.

How ISO 27001 Will Help

ISO 27001 is the internationally recognised standard for information security management.

The ISO 27001 standard takes a risk management approach to information security and therefore requires the organization to define a risk assessment methodology.

After assessing the threats to information assets, the standard provides 114 possible controls to apply, within Annex A.

This can be applied throughout the supply chain, once you’ve certified your Information Security Management System (ISO 27001) to the Standard, you can demand that your suppliers do the same, this will demonstrate to stakeholders, customers and staff that information security best practice is followed.

 

You can find out more dedicated information on our Tech Risk Website here:

http://www.assenttechrisk.co.uk/info-sec/

We also offer a Cyber Essentials Scheme, you can find more dedicated information on the Scheme here:

http://www.assenttechrisk.co.uk/info-sec/cyber-essentials-scheme/