
Page 1: Disclosing a Cyber-Crime to the Authorities: Should you do it? What are the risks?

PRESENTED BY:

David Clarke, Today Advisory Services; Founder and former Director of the National Fraud Intelligence Bureau, United Kingdom

Copyright © Today Advisory Services, All rights reserved

https://www.linkedin.com/pub/david-clarke/10/816/28b

[email protected]

Page 2: Overview

• Current trends in cyber attacks against individuals and businesses

• Options for reporting and the response from the Authorities

• Risks, issues and benefits of disclosing an incident

• The Good, bad and ugly: Recent case studies

• Best practice policy & procedure for disclosing incidents to the Authorities

Page 3: About me

• Former Senior Police Detective

• City of London Police, UN International Police

• Police Representative on the UK Attorney General-Led Fraud Review

• Founder and Director of the UK National Fraud Intelligence Bureau (NFIB)

• Today Advisory Services

• Consultancy and Multilingual Compliance Support Services

• Senior Advisor AMLiss™

• Today Translations, Risk & Compliance

• ISO 27001, ISO9001

Page 4: Terminology: Dependent or Enabled? Crime or Incident?

Cyber-dependent crimes are offences that can only be committed by using a computer, computer networks, or other form of ICT. Acts include the spread of viruses and other malicious software, and DDoS.

Cyber-enabled crimes are traditional crimes that are increased in their scale or reach by the use of computers, computer networks or other ICT. They can still be committed without the use of ICT. Examples include fraud, theft, harassment and child exploitation.

Page 6: Size of the Problem – Cyber Enabled: Fraud and Theft

• Victimisation surveys indicate that only a small proportion of internet users report being victims of cyber-enabled frauds. This suggests that the public largely ignore unsolicited communications, although victims may not perceive themselves as ‘victims’ if a loss is refunded by a bank.

• ‘Insider-threats’ are a prominent issue reported in business surveys. However, the limited evidence available is mixed on whether they are a bigger problem than outsider attacks.

• Despite concerns over personal data and security, consumer online confidence appears to be growing and users continue to transact online.

Source: UK Home Office, Cyber Crime: A Review of the Evidence, October 2013
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/246749/horr75-summary.pdf

Page 7: Size of the Problem – Cyber Dependent

• In 2011/12 over one-third (37%) of adult internet users reported experiencing a negative online incident in the past 12 months, but these experiences would often be below the threshold of a recorded crime.

• Almost one-third (31%) of adult internet users in 2011/12 reported receiving a computer virus in the past year (ONS, 2012b).

• Anti-virus providers generally conclude that security ‘attacks’ globally are in the billions and levels are increasing.

Page 8: UK Businesses: Security Breaches Survey 2015

Source: UK Government IS Breaches Survey 2015
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/432413/bis-15-303_information_security_breaches_survey_2015-executive-eummary.pdf

Page 9: UK Businesses: Security Breaches Survey 2015

Page 10: Cost of Cyber Crime

The most costly cyber crimes are those caused by malicious insiders, denial of service and web-based attacks. These account for more than 55 percent of all cyber crime costs per organization on an annual basis (Ponemon Institute, 2014).

The average time to contain a cyber attack was 31 days, with an average cost to participating organizations of $639,462 during this 31-day period (Ponemon Institute, 2014).

Source: UK Government IS Breaches Survey 2015

Page 11: 2. Options for reporting and the response from the Authorities

Statutory or Voluntary?

https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11

Page 12: 2. The Response from the Authorities

• Fraud and Cyber Reports made to Action Fraud

• NFIB response

• Actionable crime or intelligence?

• Local police action

• Metropolitan Police Operation Falcon

• International partners

• NFIB’s Cyber Hygiene programme

http://www.met.police.uk/docs/cyber-crime.pdf

http://democracy.cityoflondon.gov.uk/documents/s50727/Appendix%201.pdf

Page 13: 3. Risks, issues and benefits of disclosing an incident

• There’s a threat to life or property and the Authorities have powers to protect us

• We’re regulated and we face legal or regulatory sanction if we disclose

• We’ve dealt with it; if we report, it may become public and harm the brand or give an advantage to the competition

• The insider has gone and has signed a Non-Disclosure Agreement. No one will know.

• A confidential disclosure may protect us in the future

• Failure to disclose now may bite us in the future

Page 14: The Legal Perspective

“Of all the fraud types, cybercrime is the one area where identification of the perpetrators and recovery of loss is all too often an uphill struggle. With organised crime able to move monies or information swiftly once extracted, recovery of the loss is often difficult and focus immediately is ensuring the cyber attack is stopped.

We advocate that resource is provided to focus on prevention and awareness so that employees understand the risks. After all, you can invest in expensive firewalls and software to protect your business but your best form of defence is your people and their awareness of the risks.”

Arun Chauhan, DWF LLP

防微杜渐 (Chinese idiom: guard against the small to prevent the large, i.e. nip it in the bud)

Page 15: Reputational Management Perspective

“You need to think about the reputational impact – not just the legal position – lawyers are paid to be cautious, but good lawyers and good corporate advisors understand that how you are seen to respond to an issue can be more important in the long run. Never underestimate the damage that can be caused to a business by a reputational impact.”

Liam Herbert, Chelgate

Page 16: 4a. The Good: The Key-logging Stalker

• Boyfriend in Europe, obsessed with girlfriend, grabs her social logins at home

• Girl ditches boy

• Boy hacks into girl’s work PC via social

• Sends offensive message to company client via girl’s email

• Forensic examination

• Crime report to UK police

• Joint operation

• Boyfriend arrested and prosecuted

• Lessons learnt

• Action taken

Page 17: 4b. The Not-So-Bad: Identifiable Hackers

• UK/US company in the regulated sector identified malware on its systems and suspected it was installed by an insider.

• Forensic examination and further investigation identifies suspect coder in Balkans and several persons of interest in UK.

• Regulatory reporting requirements.

• Intelligence report to NCA, UK police and Regulator.

• Intelligence recorded and developed by police

• Insider risk mitigated

• Lessons learnt and applied

Page 18: 4c. The Bad and Ugly: Identifiable Hackers

• UK Entrepreneur develops innovative crowd sourcing and investment platform with £100k+ personal investment.

• 2 years work with one developer and a “casual acquaintance” of his.

• Prototype launch to audience of investors.

• Acquaintance hacks into email accounts and sends a string of offensive messages to users.

• Crime report to UK police identifying offender in UK.

• Intelligence recorded. NFA (no further action).

Page 19: Protecting Your Business

Source: UK Government IS Breaches Survey 2015

Page 20: 5. Best practice policy & procedure for disclosing incidents to the Authorities

• Get Senior Management Buy-in – they understand the risks they face

• Establish Incident response capability

• Provide specialist training

• Define roles and responsibilities

• Establish data recovery capability

• Test the plan

• Decide what information to disclose and with whom

• Collect post incident evidence

• Educate users

• Report crime

https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11

Page 21: If you don’t disclose others might

https://www.gov.uk/government/publications/10-steps-to-cyber-security-advice-sheets/10-steps-incident-management--11

Page 22: Small Print

Disclaimer: The views expressed in this presentation are those of the Presenter and may not represent those of Today Advisory, Today Translations Ltd and its affiliated companies. The information and materials contained or including any ideas, opinions, predictions, forecasts and suggestions expressed or implied in this presentation and accompanying commentary are for informational or educational purposes only and should not be construed as legal, financial or other professional advice. While the information provided is believed to be accurate, it may contain errors or inaccuracies and should not be used as a basis for making business or investment decisions. Any advice or information received via this presentation should not be relied upon without consulting primary or more accurate or more up-to-date sources of information or specific professional advice. You are recommended to obtain such professional advice where appropriate. The Presenter and Today Translations Ltd accepts no liability and will not be liable for any loss or damage arising directly or indirectly (including special, incidental or consequential loss or damage) from your use of this information, howsoever arising, including any loss, damage or expense arising from, but not limited to, any defect, error, imperfection, fault, omission, mistake or inaccuracy with this presentation, its contents, commentary or associated services. References in this presentation to any products, events, organisations or services do not necessarily constitute or imply the Presenter or Today Translations Ltd's endorsement or recommendation of them. Any external links or hypertext link from this presentation exist for information purposes and are for your convenience only. 
The presenter and Today Translations Ltd accepts no liability for any loss or damage arising directly or indirectly (including special, indirect or consequential loss or damage) from the accuracy or otherwise of materials or information contained on the pages of such sites. The inclusion of hyperlinks to web pages does not imply any endorsement of the materials on such sites.