Tackling cyber crime: Four approaches examined

We looked at four types of response to market change, to see which strategy was most likely to succeed in countering cyber crime innovation.

Trust in established practices

The most popular business strategy for dealing with any disruptive change is denial. So, we invited Dave Palmer of Darktrace to bring us news from the frontline of the cyber security wars and shake our complacency with tales of how quickly the threat is evolving. In a wide-ranging talk, we heard about new attacks on physical assets, intellectual property and business practices. I was particularly interested to hear how targeted emails (“spear phishing” attacks) are starting to use artificial intelligence to automate messages using natural language and small truths gleaned from the public-domain to win the reader’s confidence ahead of a malicious call to action.

Government response

Crime is a law and order problem, and governments can mitigate the effects with new regulations, backed up by robust policing. It was great to hear from the Met’s Tim Court about successful investigations and prosecutions for cyber fraud. He moved the agenda beyond technology, with a philosophical aside about the psychology of crime: crime is a people issue, and it stops when individual criminals start to fear the impact of enforcement and choose legal ways to make their money.

Innovate faster

The nature of IT fraud is essentially asymmetric, with complete coverage required for defence, but a small weakness being a sufficient to allow entry. Is the answer to increase the pace of innovation and to respond to threats more quickly? Fraser Kyne of Bromium talked us through the categories of recent end-point attacks, including browser vulnerabilities, ransomware, and a growing awareness of kernel exploits. He argued for defence in depth, using his own company’s product as an example of micro-scale segmentation to contain security risks.

Market forces

If security has a business value and an associated cost, will the market place work itself out? Nick Kingsbury is a venture capitalist with Kingsbury Ventures, and he guided us through a set of key questions for the board of directors of any company. He wanted to hear answers about the business impact of a security breach; the risk posed by third-party suppliers; and critically about the strength of the relationship between the Chief Information Security Officer and the board. I was struck by his point that traditional business practices require independent experts to audit financial accounts, but there’s no formal requirement to audit the processes used to secure a company’s intellectual property assets.

Finally

The final presentation was The Home Office’s Jane Cannon, talking about her plans to establish a Cambridge office to facilitate the relationship between UK government and commercial solution providers, the Joint Security and Resilience Centre.

And we wrapped up with an open floor discussion of topics raised during the day. What’s next for the Security SIG? Well, we’d like to hear from you about your agenda for security.

5,583,000 cyber crime & fraud was a new addition to the UK Crime Survey and came in with a whopping number of estimated incidents in 2016.

Biography

Tim Phipps

Product Manager for Security, Solarflare

Tim Phipps is Product Manager for security at Solarflare, which scales and accelerates data centre communications. He has helped companies to develop new technologies including cellular communications at TTPCom, WiFi/Bluetooth at Symbionics, and bespoke solutions at Plextek.

If you would like to receive a free copy of the CW Journal, please submit your details here. The CW Journal Editorial Board welcomes comment from those of you who would like to submit an article - simply email your synopsis to the team.