How can we win the war on cyber crime?

A parliamentary report claims we're losing the fight against cyber crime. So how can we turn the battle around?

The UK is losing the fight against e-crime according to Parliament's Home Affairs Select Committee, with hackers and other cyber criminals triumphing over both public- and private-sector organisations.

Blame is attributed to everything from the increased sophistication of state-sponsored cyber-espionage, to complacency about threats posed by hackers or the lack of an appropriate response for dealing with one of the fastest-growing criminal challenges of the 21st century.

The e-crime report recommends that a state-of-the-art "espionage response team" should be created to combat cyber crime. But this isn't merely a problem affecting governments and nor can the government always be there to provide protection against every instance of e-crime that befalls organisations. So, what needs to be done to turn the fight against cyber crime from a losing battle to a winning one?

Skills and education

"We've got to fight the crime we have now with the means we have at our hands, but we won't get a long-term solution unless we invest now to get the skills coming through," Judy Baker, chair of Cyber Security Challenge UK, told Computing. The not-for-profit organisation runs competitions aiming to inform about cyber threats and encourage careers in cyber security.

"It's not just getting the skills through into the jobs so we get the right sort of defence mechanisms in place within organisations and government, it's also about end users understanding what this is all about so that we can build security all the way through our society.

"I think it's really important that within our education people understand what cyber security is and why it really matters," she added.

According to Dr Siraj Shaikh, reader in cyber security and lead for the digital security and forensics research group at Coventry University, data hygiene also plays a part.

"Stay vigilant when you're using online banking, e-commerce or auction sites and about any signs of a site being fake or hacked. In terms of our PINs and passwords, there's always a message about having a good password, and we need to drill this down, that passwords do matter," he told Computing.

Like Baker, Dr Shaikh also believes education is key to winning the war on cyber crime, but guidelines need to follow the success of anti-smoking campaigns in being made more explicit and visible to a wider audience.

"What they've done is step up public displays so there are signs wherever you go saying its clear they don't want you to smoke. The severity of the message was a key element, with the pictures of diseased lungs and the stats around it," he said, adding that sentencing needs to be severe too.

"The severity of e-crime, the impact it has on people and the punishment it carries needs to be stepped up as well," he added.

Shaikh also suggested it needs to be simpler for organisations to report cyber attacks, without fear of the information becoming public if that's what's required for it to happen.

"With traditional crime, the police always emphasise that it is very important that you do report it. This needs to be made easier by the authorities," he said.

"They need to start providing easier mechanisms to report cyber crime, confidential lines maybe, so companies, if need be, can avoid damage to their reputation."

Mark Surguy, partner and fraud investigation expert at law firm Eversheds, also believes organisations need to play a bigger role in fighting cyber crime, working together to combat the threat.

"Data travels across borders, yet legal systems are nationally based," he told Computing. "There needs to be massive co-operation at an international level with international treaties being negotiated between organisations as to how they'll co-operate to deal with the problem."

Surguy also suggested that private prosecutions by companies could also be a method of fighting the battle.

"It might be good if bodies could investigate and prosecute themselves. We could see more private prosecutions being supported by government so that companies could bring their own prosecutions against those they know are responsible."

He also argued that punishments for e-crime need to be more severe.

"That's got to be supported by proper sentencing and proper punishment, not just slaps across the wrists; the problem has to be treated more seriously than it is at the moment."

Cyber crime, however, isn't stagnant and no matter how the fight is taken to criminals, Dr Shaikh points out, the authorities will need to keep adapting.

"The battle will need to go on, because e-crime, like traditional crime, will continue to evolve and so should our policing of e-crime," he said.