Paper calls for increased knowledge sharing between government and businesses

Tackling UK cyber fraud requires greater collaboration between public and private sectors, according to a new report

An independent report has stressed the importance of collaboration between UK law enforcement and private sector industries in tackling cybercrime.

The paper (PDF), from think tank Royal United Services Institute (RUSI), has laid out a list of recommendations to curb cyber-enabled fraud within the UK.

It was released today (February 22) in the lead up to the revision of the National Cyber Security Strategy, which is slated for publication in 2021.

The report was written based on insight from interviews with experts, literature reviews, and surveys undertaken with various stakeholders including law enforcement, cybersecurity industry professionals, and financial services workers.

It concludes that greater collaboration between all stakeholders and a “strong central direction” are paramount to defeating cyber-enabled fraud.

‘Leadership vacuum’

The report’s authors claim that cyber fraud does not receive the appropriate level of coordinated response from across

units, financial sectors, and government agencies.

Responsibilities for tackling the issue are unclear, they say, creating a “sizable leadership vacuum at the policy level.

“The current model suffers from contrasting levels of prioritization of cyber fraud across
different stakeholders,” the paper reads.

“Some financial institutions see cyber fraud as a high priority due to the risk of reputational damage, while others are more likely to think of it as just another cost of doing business.”

Meanwhile, for most law enforcement agencies, “it is not always considered
a high priority compared to violent or drug-related crimes due to its less visible and less
physically harmful nature”.

In order to tackle this growing problem, the report suggests that information sharing practices across public and private sectors need to improve.

Read more of the latest news about computer-enabled fraud

Despite the existence of numerous information-sharing partnerships and industry forums, the authors claim that there are still “significant limitations”.

Therefore, the authors set out 11 key recommendations for businesses, government, and other institutions to follow.

These include a more preemptive approach to tackling cybercrime from The National Crime Agency and City of London Police, the publication of comprehensive guidance on how private sector organizations can share information with law enforcement, and the creation of a pilot initiative focused on integrating cyber policies, anti-money laundering and fraud data, and dissemination of “sanitized examples of best practice”.

More recommendations can be found in the report (PDF).

Coronavirus pandemic

The paper also details how the coronavirus pandemic, and particularly the widespread switch to remote working, has affected cyber fraud cases.

When asked whether they thought Covid-19 has had an impact, 61% of respondents said the number of fraud attempts they have seen have “greatly increased”.

Indeed, coronavirus scams and phishing attacks have plagued both the public and private sector since the UK first went into lockdown in March 2020.

Read more of the latest news about coronavirus scams and phishing attacks

The report’s authors expressed concern over the number of respondents who said their company has not taken adequate measures to protect employees working from home.

“It is concerning that the majority of the survey respondents for this research (70%) felt that
the increase in remote working has not been matched by increased efforts from businesses to improve their cybersecurity and anti-fraud protection,” the report reads.

‘Blind faith’

The authors also stressed the importance of upskilling workers to understand how to defend themselves against attacks, given that cybersecurity knowledge is “often concentrated in a select few individuals in a company, typically in the IT department.

“Great amounts of trust are put on these individuals to maintain the security of their business devices, as they would do in an office environment.

“As a result, people often exhibit blind faith in the safety of the systems they use. This presents an opportunity that criminals may seek to exploit and therefore requires significant upskilling of employees.”

Speaking to The Daily Swig during a press briefing last week, co-author Sneha Dawda said that they looked to various other reports and countries for inspiration.

The Netherlands in particular stood out, Dawda said, citing its “extremely innovative model of tackling cybercrimes”.

She also looked to the current UK National Cyber Security Strategy and its emphasis on understanding “overall national priorities and values” when tackling cybercrime.

“It aligns perfectly [with] that notion that we need to tackle cybercrime and we need a more innovative model to do so,” said Dawda. “In the last five years we’ve pumped a lot of money into cybercrime but we’ve kind of left fraud out a bit.”

Co-author Ardi Janjeva added that while the report was influenced by various inquiries that include elements of computer-enabled fraud, “there has been no comparable inquiry that would focus specifically on cyber fraud, and that’s part of the rationale for this paper”.

READ MORE Fake websites and false cures: Interpol warns of Covid-19 vaccine scams