Cyber crime 'costs UK plc £270,000 an hour'
Cyber crime is costing UK companies up to £270,000 every 60 minutes - but many are unaware of the sheer scale of the outbreak, independent risk consultants have warned.
Technical investigators at Protiviti yesterday told Contractor UK they have witnessed a 66 per cent rise in the number of IT-enabled crimes they have dealt with in the first 3 months of 2006.
The unprecedented rise in e-crimes is one reason the US-based consultancy has beefed up its computer forensics and IT crime team in the UK.
The investigators claim many established businesses are unaware of the scale of computer crime because of the virtual nature of both the attacks and their authors.
Corporate victims also keep quiet for fear of adverse publicity suggesting their IT defence or computer infrastructure was inadequate, the firm said.
Mike Andrews, its newly appointed chief investigator, said many corporations are in the dark over the size of cyber crime 'because they cannot visualise the crime or criminal' as they would a physical attack or attacker.
These companies are also "not afraid of those carrying out" the crime in the same way as they would be of those perpetrating a physical crime, he said.
Protiviti, which is owned by Robert Half International, a $2.7bn NYSE-listed public firm, said its figures stem from fresh data from the NHTCU and the Small Business Service Analytical Unit.
Sean Holohan, director of integrity risk, said: "Through greater connectivity and technological advances, e-crime is growing at a rapid rate and will continue to do so for the foreseeable future.
"However, the factors behind this also make it easier to identify the electronic 'fingerprints' of the criminals. With the proliferation of computers, PDAs and mobile phones, electronic evidence is proving ever more important in solving crimes."
"Sadly," he added, "the majority of cyber-crimes go unreported because companies don't want the adverse publicity or any potential disruption to their business.
"Also, many organisations that are victims of these crimes do not know what to do or who to turn to. However, easy victims that don't take prompt action often become repeat victims."
The consultancy's IT crime and computer forensic investigators are briefed to assess the damage e-crime has caused to the client company, including the patching of any security holes.
Once evidence has been collated, their mission statement in 50 locations worldwide is to enable the client company to 'resume business as quickly as possible.'
Asked how contract security managers and IT administrators can minimise the risk their client company faces, the investigators replied with the following best practice recommendations:
Contain and Preserve
• Act decisively to prevent the loss or damage of digital evidence, which is a volatile medium
• Initiate all responses with the most serious consequences in mind; they can always be scaled down as more facts/information come to light. It's too late once you are at court
• Never use internal IT staff to collect your evidence because mistakes can be embarrassing or leave the organisation open to the possibility of being counter-sued
Ascertain the extent of the incident
• Determine to what extent the company has been exposed by the incident
• Determine if future incidents can be avoided
• Determine if changes to infrastructure, systems, policy or contracts need to be made
Resolve the matter
• You will now be in the position to know how to address the situation. This could include doing nothing, dealing with IT in-house, formalising the incident with legal debate or escalating the matter to a higher authority, e.g. the police
• Assess what damage control may be required