Today [July 20th 2017] the Office for National Statistics in the UK released their annual Crime Survey for England and Wales (CSEW), for the twelve month period March 2016 through to March 2017. Once again, Cyber crime (defined by the CSEW as cases where the internet or any type of online activity was related to any aspect of the offence) featured prominently in the report.
The CSEW places Cyber crimes within the figures relating to Fraud offences, where the report lists a total of 3,591,000 incidents recorded under the sub headings of Computer Misuse, Computer Virus, or Unauthorised Access to Personal Data (including hacking). The recording of these offences are new to the CSEW and therefore they may not fully represent the true extent of these crimes.
From the survey, an estimated 3.4 million incidents of fraud were reported between March 2016 and March 2017, with 57% of these incidents (1.9 million) Cyber related. Despite the survey reporting falls in other crimes, such as violent crime, the report shows a 5% increase in the number of recorded fraud offences with a particular increase in card fraud over the previous twelve months, with an overall increase in the number of fraud offences recorded by law enforcement (including Action Fraud) over the last five years to more than double.
One of the largest increases in the fraud sub categories recorded in the survey was seen within the Banking and Credit Industry. The report believes this is due to the increase in application fraud where accounts are created using stolen identities.
As we continue to put more and more information about ourselves online and within electronic databases, this type of crime will continue to grow. Will the introduction of General Data Protection Regulation in 2018 assist in lowering this figure? I am not convinced.
To make any impact organisations must act now and implement appropriate security controls surrounding customer personal data. This must also be coupled with individuals taking more personal responsibility for the information they post online. If you would not wear it on the sandwich-board as you walked down the High Street, do not post it online. One of the agencies who contributed to the CSEW, Financial Fraud Action UK, published their own report, Fraud in Fact 2017, which concluded that “impersonation and deception scams, as well as digital attacks, continue to be the primary factor behind fraud losses.”
Another notable increase highlighted by the survey, was a 48% increase in computer misuse crimes on the previous year. This of course covers a broad spectrum of malicious actions including;
- Unauthorised access
- Introduction and spreading of malicious software
- Unauthorised modification and deletion of data
- Changing of passwords to prevent authorised access
- Any form of interference with the systems normal operation
These acts can originate from both internally and externally to the environment.
Fraud relating to face-to-face transactions has continued to fall in the UK since 2010 which is attributed to the introduction of chip and pin technology. The case types seen by the Foregenix Digital Forensic and Incident Response teams would support this, as the EMEA team deals primarily with eCommerce compromises. The US team handle mainly brick and mortar cases where chip and pin technology is not currently in use and Point of Sale systems have been exploited to compromise card data.
Despite the large number of offices recorded within the crime statistics, it remains a sad fact that only 17% of victims of fraud report to the police or Action Fraud. It is odd that victims of Cyber crime do not see the need to the report the offence to police, with many saying that the police would not be interested. This culture of non-report must change if we as a society are to combat this modern issue. Law enforcement throughout the World has many specialist units focusing on Cyber related offences, however they can only investigate those crimes that they are aware of.
An interesting statistic from the CSEW report, is that unlike the other crimes surveyed, fraud crime types are indiscriminate with no differentiation of victimisation across society groups.
Fraud, especially Cyber related continues to be seen by the criminals as low risk and high reward, and as it has no boundaries fraud through Cyber crime will continue to be prevalent in our society for the foreseeable future.
Would you be able to identify a breach in your organisation? Foregenix has developed a specialist service for Rapid Threat Detection and Mitigation - for companies of all sizes. Find out more below.