The UK’s National Crime Agency (NCA) warned that businesses and law enforcement agencies were losing the “cyber arms race” with online criminals, as the technical capabilities of criminal syndicates outpaced those of security services.
The report found 2.46mln incidents of cyber-crime last year, including 700,000 cases of fraud.
Following the report, the government announced it is to spend £1.9bn over the next five years on cyber-defences.
The NCA found that the accelerating pace of technology and criminal cyber-capability development currently outpaced the UK's collective response.
Responding to the report, Dave Larson - chief operating officer at digital security firm Corero Network Security PLC (LON:CNS) - said he was seeing an increasingly sophisticated organisation of the threat actors in the form of organised crime syndicate and other forms of dark entities, creating breach kits that are “fabulously powerful”.
He believed that businesses, the banking sector and the government sector are lagging behind in their ability to keep up in the face of change in the cyber threat landscape.
With over twenty years in the data security industry, he believes the rise in breaches is largely due to what he calls “antiquated legislations” and standards that were crafted around a decade ago that businesses are still adhering to.
“There is a false sense of security in many organisations that if you are compliant, then you are secure, and I don’t think those two things necessarily equate.”
“To think that’s still relevant today in the face of change and evolution the threat landscape is probably a bit naïve. Just to think you can still be secure because you use a firewall, IPS and logging systems has been proven to be insufficient, and we see no decrease in the number of breaches that occur.”
“I think there is such a profoundly large economy associated with malware other forms of threats that it dwarfs the amount of money we spend on the appropriate security mitigations.”
“The majority of businesses might have a single individual response for IT and security and that simply is not enough,” said Larson.
Even big banking groups have seen their fair share of cyber-attacks. In 2014 JP Morgan Chase, which spends millions on top-notch cyber security each year, saw an attack jeopardise data from 86mln accounts.
The breach was one of the most publicised and discussed breaches in recent years.
“So, how do you expect the other 95% of businesses without the funds for a dedicated security team to keep up?” asks Larson.
He reckons that this is going to be something that gets outsourced to companies who can hire the right people and amortise the cost properly, while tackling the workload and changing threat landscape.
“We need an organised response that can leverage the best and brightest in order to clean up the problem for the majority of people who can’t afford to do it properly.”