A great deal of the responsibility for staying safe online is in the hands of the consumer. You or I, surfing the web, need to be educated on the risks we might face and be careful not to expose ourselves to them when we're online. Organisations like Get Safe Online and Government initiative Cyber Streetwise invest a huge amount of effort in educating the public, at home and at work, on where they might be vulnerable and how they can stay safe.
On the 9th February, the UK Safer Internet Centre held its annual Safer Internet Day, promoting the safe and positive use of digital technology. Schools across the UK took part, educating students about the potential dangers online. However, despite all the positive initiatives out there, there will always be those who look to use the internet for harm.
Tackling the broader cybercrime challenge needs an orchestrated response. I wanted to highlight three ways in which law enforcement agencies are working with each other and other organisations (including my own) to tackle the real and very present danger represented by opportunistic and organised criminals online:
- Upskilling regional law enforcement: The National Crime Agency, via the National Cyber Crime Unit, is working to upskill local and regional law enforcement on how to monitor for and respond to criminal enterprises online. Global demand for cyber security skills, it has been reported, will outstrip supply by a third before the end of the decade. Your local police force will need help in upskilling its staff. A decade ago they were more likely to be dealing with more conventional crime, but now need to understand the types of crime that can be perpetrated by online criminals against the citizens in their care.
- Pursuing cyber criminals at a national and international level: increasingly sophisticated tools are needed to sort through the billions of internet requests and track down the botnets and gangs that are targeting British citizens, businesses and public sector organisations. We analyse the overall patterns of traffic on our own servers via our internet traffic monitoring tool as a matter of course. If we spot anything in the traffic flow that matches the pattern of criminal behaviour we can analyse this as it happens, as well as retrospectively, and share any key warning indications with law enforcement.
- Working to target and prevent criminal vulnerabilities. When criminals are identified, it's sometimes possible to launch a virtual or physical 'raid' to take down their operations. One major route for this is in tackling websites used for criminal activity online, often including the sale of unlicensed and potentially dangerous pharmaceuticals or fake branded goods. We work in close coordination with key law enforcement authorities to suspend these domains when they end in .UK. Over this latest twelve-month reporting period, we suspended nearly 4,000 domains in collaboration with a range of law enforcement authorities including the National Crime agency, the Met Police, trading standards, the National Fraud Intelligence Bureau, the Medicines and Healthcare Products Regulatory Agency and the Police Intellectual Property Crime Unit.
As a society we're still finding our feet in terms of keeping our citizens safe online, but there is a tremendous amount of activity taking place across a range of organisations to help protect them. We can support this by reporting the sites we notice on the web that might be putting us and our families at risk to the relevant bodies when we come across them. What more do you think could or should be done? I would be interested to read your perspective in the comments.