The CBI's recent cyber crime report, released at the end of last month, was accompanied by a call to action, challenging the Government to come to the rescue of cyber crime victims through the work of its cyber crime unit and by setting up a UK centre for cyber crime complaints. The message is clear: UK companies want justice to be done and the Government should be responsible for meting out punishment to cyber criminals.
In my view, however, this kind of idealism is only playing into the hands of such criminals. If companies persist with the belief that the law can protect them from cyber crime, they will continue to lose billions a year from security breaches. In other spheres, prison sentences and the fear of being caught may decrease crime levels, but it seems that cyber criminals have less respect for the law.
This disrespect stems from the fact that the law is inherently unsuited to tackling cyber crime. Whilst laws are national, cyber crimes are international, thus making prosecution almost impossible. Cyber crime laws will also always be retrospective and delays inevitable.
Furthermore, too few investigating officers have the necessary skills and training to combat cyber criminals, and those who do are often tempted away by the high salaries of the private sector. If cases ever do get to the courts, prosecution is rare as cyber evidence is incredibly difficult to present and validate. Finally, sentences for cyber crime are laughably lenient: the longest UK sentence so far issued is four years.
Cyber criminals are unlikely to be caught, unlikely to be prosecuted and unlikely to be justly sentenced. These people are gamblers and, with the odds stacked so convincingly in their favour, they will continue to commit their crimes. Thus, no company is safe from cyber criminals but, rather than relying on someone else to look after them, companies must be responsible for making their security stringent enough to protect them.
To achieve this, most firms need to undergo a cultural change and employees must be prepared to compromise usability to ensure that systems are protected. Staff must understand the potential consequences of careless behaviour, and security policies should be well defined and strictly policed to make it easier to monitor for abnormal behaviour.
It is essential that companies don't become complacent, as confidence gives hackers an opening. Even if they have implemented strong user identification and authentication policies, it is still worthwhile to track unusual behaviour within the company, such as repeated failed login attempts.
Companies should also remain cynical and disregard all claims that products and systems are secure until they can be proved. They should not allow themselves to be guinea pigs and should ensure that they take expert advice before experimenting with new technologies.
Finally, if you don't have the expertise to determine security risks, hire those who do. Ensure that security employees are officially accredited and can prove their credentials. It is essential to keep your key staff, along with their knowledge and expertise, and not to risk losing them for short-term economic reasons. Your only hope is to know more than your attackers.
Whilst no security steps can ever completely protect you against most high-level hackers, they will help ensure that you are as well protected as possible. It is vital that your staff's security education is of the highest level. Knowledge is the cyber criminal's most powerful weapon and thus your best line of defence. When it comes to cyber crime you are fighting on your own, so it falls to you to make sure you are equipped.