The threat from cyber crime

We have seen a significant growth in cyber criminality in the form of high-profile ransomware campaigns over the last year. Breaches leaked personal data on a massive scale leaving victims vulnerable to fraud, while lives were put at risk and services damaged by the WannaCry ransomware campaign that affected the NHS and many other organisations worldwide. Tactics are currently shifting as businesses are targeted over individuals and although phishing attacks on individuals are increasing, fewer are falling victim as people have become more alert.

Because the distinction between nation states and criminal groups is increasingly blurred, cyber crime attribution is sometimes difficult. Many Russian-speaking cyber groups are threatening UK interests, but home-grown cyber criminals are becoming more sophisticated and therefore a rising threat. Although young criminals are often driven by peer kudos rather than financial reward, organised UK cyber crime groups are motivated by profit.

Cyber criminals seek to exploit human or security vulnerabilities in order to steal passwords, data or money directly. The most common cyber threats include:

  • Hacking - including of social media and email passwords
  • Phishing - bogus emails asking for security information and personal details
  • Malicious software – including ransomware through which criminals hijack files and hold them to ransom
  • Distributed denial of service (DDOS) attacks against websites – often accompanied by extortion

The scale and complexity of cyber attacks is wide ranging. 'Off the shelf' tools mean that less technically proficient criminals are now able to commit cyber crime, and do so as awareness of the potential profits becomes more widespread. The evolving technical capabilities of malware means evolving harm as well as facilitating new crimes, such as the cryptomining malware which attacks digital currencies like Bitcoin.  

Cyber attacks are financially devastating and disrupting and upsetting to people and businesses. We know that there is significant under-reporting, although the new General Data Protection Regulation is likely to prompt a better picture of scale. Currently the level of sentencing at court is not commensurate with the seriousness of attacks, and this is an area which is ripe for consideration.

Our response

Cyber crime is a global threat. Criminals and the technical infrastructure they use are often based overseas, making international collaboration essential.

We focus on critical cyber incidents as well as longer-term activity against the criminals and the services on which they depend. We work closely with UK police, regional organised crime units, and partners in international law enforcement such as Europol, the FBI and the US Secret Service to share intelligence and coordinate action. We have also developed close and effective partnerships with private industry to share information and technical expertise.

As well as disrupting the current generation of cyber criminals we also want to prevent young people from slipping into cyber crime. Our #CyberChoices campaign encouraged parents of young people with cyber skills to talk to them about their ambitions and the opportunities to use their skills positively.

We also work with partners such as the National Cyber Security Centre, Get Safe Online and Cyber Aware to promote ways for the public and businesses to protect themselves online.

How you can help

Most cyber attacks could be prevented by taking these basic security steps: 

  • Choose strong passwords and don’t reuse them for multiple logins
  • Install security software such as anti-virus and two-factor authentication. This kind of software is often available for free.
  • Keep all security software and operating systems updated (this can be set to update automatically)

For further advice on how to stay safe online please visit Cyber Aware, Get Safe Online or the National Cyber Security Centre.

If you are a victim of cyber crime please report it to Action Fraud, the UK's fraud and cyber crime reporting centre.