Cyber crime is costing the UK an estimated £27bn a year, and UK businesses are hit hardest owing to high levels of intellectual property theft and industrial espionage, according to a new report from consultancy Detica and the Office of Cyber Security and Information Assurance.
The Cost of Cybercrime study found that the cost to businesses of cyber crime runs to at least £21bn a year, and that intellectual property theft accounts for the largest chunk at £9.2bn, followed by industrial espionage at £7.6bn and extortion at £2.2bn.
Interestingly, direct online theft accounts for just £1.3bn, while loss or theft of customer data represents just £1.1bn, despite usually garnering the biggest headlines.
The government is said to be hit with a £2.2bn annual bill thanks to cyber crime, while taxpayers lose £3.1bn mainly through identity theft (£1.7bn) or other online scams (£1.4bn). Scareware and fake anti-virus scams are said to account for £30m.
The report highlights the need for a more strategic approach to cyber crime, but warns that current estimates of the scale of the problem are being undermined by “a lack of a clear reporting mechanism and the perception that, even if crimes were reported, little can be done”.
Businesses should have access to a “government-sponsored, authoritative, online and interactive service”, according to the report, which would help to raise awareness and promote best practice in cyber defence, as well as provide a centralised reporting mechanism.
Security minister Pauline Neville-Jones argued that cyber crime is a “national security and commercial priority”, and that the public and private sectors need to co-operate.
“This report is an important example of how government and industry are working together to tackle specific threats posed by criminal use of the internet, and highlights the opportunity we have to turn this to our advantage and get ahead of the curve to drive our economic growth and prosperity,” she added.
However, the figures dwarf the amount that the government is currently spending on cyber security. Just £63m is likely to end up supporting cyber crime prevention out of the £650m pledged to the government’s cyber security strategy.
Some security experts have also called into question the huge figures estimated by Detica in the report, especially given that there is little evidence of how the figures were arrived at.
Sophos senior technology consultant Graham Cluley pointed out in a blog post that the £27bn figure easily smashes the estimated £13.9 billion cost to the UK per year of drug-related crime.
“There needs to be a proper mechanism for reporting cybercrime (both for home users and businesses) before we can begin to whisk up grand totals like this,” he said.
“Once we know the true scale of the problem, and can produce reports that aren’t dealt with scepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK’s attempts to fight the problem are really working or not.”
Mikko Hyppönen, chief research officer at F-Secure, agreed that £27bn is an incredibly large sum, especially given that most of it seems to have come from IP theft and espionage, which he admitted was “very hard to quantify”.
Under the shadow of Communist Russia, Estonia was once home to a major contingent of KGB secret police. Now free, the Estonians are taking the opportunity to display Soviet hardware used by the KGB to monitor transmissions and eavesdrop.
The exhibition – called “Viru Hotel and the KGB” – remembers a time when the hotel was a hub for eavesdropping on foreigners.
The exhibition is shown in a once-secret “radio room” where operatives relayed information from the hotel in Tallinn, Estonia to Helsinki, Finland across the Baltic Sea. From there, the intel would go to Moscow.
“All we have here now is the room as they left it one night in 1991 when Estonia was getting close to restoring its independence,” said Peep Ehasalu, spokesman for the Viru, now run by Finnish hotel chain Sokos.
In 1975, the radio room became a hotline for Soviet leaders between Moscow and Helsinki during the European Security and Disarmament Conference held in Helsinki. Again the room went into high use in 1980 when Tallinn was the venue for the yachting competition for the Olympic Games hosted by the Soviet Union.
“In the Soviet times I was not afraid of losing my job because of my professional skills, and jobs were available for everybody and no one was sacked even if they came to work drunk,” said Enn Palmets, the hotel’s technical manager, who has been at the Viru since it opened.
“There was a threat of getting dismissed because of telling the wrong kind of stories or talking to foreigners. In fact, everybody was forced to sign a document saying that they promise not to contact foreigners.”
One visitor, Tiia Raudma, who visited Estonia frequently in the 70s said that foreigners weren’t allowed to stay anywhere else.
“Everyone knew the Viru was bugged and that the KGB people sat on the second and third floors near the hard currency bar, so people would just be careful in what they said on the telephone or while in the hotel.”
While in a local coffee shop waiting to meet a friend recently, a group of people nearby was engaged in a conversation. Now I don’t make it a habit to eavesdrop, but they were so loud you couldn’t help overhearing them. And they clearly weren’t overly concerned that virtually everyone inside was within earshot.
I was especially interested because their conversation was financial in nature. Frankly, it took all my willpower to sit still and keep my mouth shut.
Their conversation reminded me that too many people are simply not paying attention to financial details the way I believe they should. In other words, when it comes to financial matters, it’s important that you pay attention to more than just the large print.
One animated gentleman complained that taxes must have been increased in 2010 because his refund was going to be much smaller this year than last year. I obviously didn’t know his personal tax information, but my guess is that he totally forgot what happened to payroll withholdings earlier in 2010.
They were adjusted lower in an attempt to get dollars into consumers’ hands sooner, with the hopes that additional dollars in the pocketbook would help jumpstart the economy.
Other than that and the Roth IRA conversion option, the income tax code had no real significant changes last year. I have a feeling a lot of people will be surprised when their tax refund this year is smaller than in years past. More than likely, the reason is they took more money home every pay period.
Automobile leasing was the other financial topic discussed. I was alarmed at the lack of understanding about how it works. Everyone wants our auto industry to thrive, but I think you need to understand all terms and responsibilities, whether you buy or lease.
Because leasing is generally more complex than buying and because it’s estimated that nearly 20 percent of new autos driven off the lot this year will be leases, it’s especially important to understand leasing terms.
The good news is that financing is beginning to loosen up. But that doesn’t mean you should run out and get it just because you can.
In the coffee shop, the patrons were describing leases as purchases that ended on a predetermined date. In reality, leasing is simply renting a car for a specified period of time, with certain limitations.
For example, a vehicle may be advertised as $199 for 36 months. But as anyone who has ever leased a car knows, there are penalties for things like damage and excess mileage.
In the past, many lease prices were based on 12,000 miles per year. These days, many of them are based on 10,500 miles per year.
So, what does it matter? Well, typically, there’s a 15 cents per mile charge for excess mileage.
If you drove 12,000 miles a year for 3 years, there would be 4,500 excess miles. At 15 cents per mile, you’d be charged an extra $675 at the end of the lease. That’s why understanding all the terms and conditions is so critical.
So in the future, control your speaking volume at the coffee shop or any public place. And make a commitment to be smart about your finances. That means carefully scrutinizing all the fine print and details.
Fax your questions to Ken Morris at 248-952-1848 or e-mail to ken [dot] morris [at] investfinancial [dot] com. Ken is a registered representative of INVEST Financial, member FINRA, SIPC and is Vice-President of the Society for Lifetime Planning in Troy.
It’s hard to imagine, but roughly 10 years ago, as VoIP was being rolled out, corporate networkers were quite concerned about the security of VoIP. As we faced a move from voice going over a traditional (and, by the way, unencrypted) network, there was concern that VoIP would be much too easy to eavesdrop on – especially if it traversed the Internet.
We’ll leave the question of “legal intercepts” as a political and civil liberty question. Indeed, virtually any “good” technology can also have a dark side. Nevertheless, “wiretaps” have been a part of voice communications essentially forever. Sometimes for the good of all. Sometimes not.
And “tapping” a traditional voice call, whether in analog or digital (PCM) format, is trivial. Additionally, as discussed in an excellent interview, “Web Wiretaps Raise Security, Privacy Concerns” on All Things Considered, as cellular technology was rolled out, there were provisions made for “lawful intercept.”
The issue that was discussed by FBI General Counsel Valerie Caproni is that with VoIP solutions – and Web-based VoIP in particular – the individual conversations can be quite difficult to intercept and decode. Further, while at one time Internet-based voice conversations were largely limited to “major” applications like Skype, there is rapid and widespread proliferation of “voice chat” capabilities. For instance, you can do a voice chat, a video chat, or even call an external phone from Gmail. And this only covers voice-like capabilities, and doesn’t include other messaging.
Interestingly, and in a move that makes sense, the government is not specifying exactly which services need to be modified so that they can be more easily monitored. As pointed out in the above-referenced interview, if the systems that were difficult to monitor were identified, then this would make it obvious which ones could be best used for less-than-honorable purposes.
The implications of this for the corporate enterprise network are yet to be identified since we’re just on the leading edge of the issue. But it is clear that we’ve come a long way from the days when VoIP was a “toy.” And the fact that it’s “just another application” is making the task of lawful intercept even more difficult.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler Associates.
CLEVELAND – The threat of foreign espionage seemingly disappeared with the Cold War. But there is a new spy game in town.
“Now you’re talking about economic espionage and that is one of the biggest threats to national security that we have,” said Brad Beman, head of the counter intelligence unit for the Cleveland branch of the FBI.
Beman warns that today’s spies are just as interested in the office computer as government secrets.
“Other countries that are not necessarily friendly to the United States are gaining our technology and gaining an edge potentially over us,” Beman said.
Some of the most dangerous spies don’t work for foreign governments, but for local companies. Employees motivated by revenge, money or patriotism are betraying company secrets, according to the FBI.
At Lubrizol in Brecksville, a disgruntled employee, Kyung Kim, sold trade secrets to a competitor in his native South Korea two years ago in exchange for hundreds of thousands of dollars.
Another South Korean native, Kue Sang Chun, a former researcher at NASA Glenn, has admitted to using his credentials to acquire high tech infrared technology for another company to send to a company in his homeland.
Eric Vanderburg, an expert in information security at JurInnov, a Cleveland company that investigates corporate espionage, said theft of trade secrets is more significant in Cleveland than most realize and happens more often than companies care to admit. Some foreign and domestic companies looking for an edge over the competition hire social engineers.
“A social engineer is a person who’s going to use persuasion to get you to divulge information or perform some action for them,” Vanderburg said.
Social engineers scour the Internet looking for someone to manipulate or even blackmail into divulging company secrets, making the coworker in the next cubicle or the neighbor next door a spy. But local companies aren’t the only targets of economic espionage.
“A lot of our research is conducted at the university level and it’s unclassified research, which means that it’s much less protected and it’s easier for people to get access to it,” Beman said.
Copyright 2011 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.