Home | Services | Events | Features | Interviews | Profiles | Reviews | News | Resources | Press | Archive

Wales leads the charge in the fight against ecrime

by Sali Earls

The third annual eCrime Wales Summit took place in Newport at the start of March. National and international experts took to the stage at the day long conference to tell the audience of 300 public and private sector organisations about the continuing and evolving risks we all face from computer related crime.

Hosted by Jamie Owen of BBC Wales, the opening address was delivered by Mike Tongue, Chief Constable of Gwent Police. Tongue told delegates that Wales was leading the way in combating ecrime, but that an attack would not just have an immediate impact on the organisation, it would also challenge customer and consumer confidence in the company. He concluded by assuring delegates that the four Welsh police forces have ecrime specialists, and were working together to ensure continuity across the principality.

An interview conducted by Brian Morgan of Cardiff Business School with Andrew Davies, Minister for Enterprise Innovation & Networks, Welsh Assembly Government was broadcast to the conference. The minister said that many small companies are not yet aware of the scale of the ecrime problem, or do not have the resources to combat it. He went on to say that as a small clever country, with stakeholder groups working together collaboratively, Wales can indeed lead the way.

Davies acknowledged the work of Detective Chief Superintendent Chris Corcoran of North Wales Police, as Chair of the All Wales eCrime Steering Group, in driving forward the Welsh fight against ecrime, and in finding appropriate partners to support the objectives.

As previously reported, the minister reiterated the fact that a new unit has been formed within the Department of Enterprise Innovation & Networks to disseminate information and ensure that the Action Plan, launched at the 2006 summit, is carried out. In concluding, Davies stated his wish that Wales be seen as a good place to do business, and a safe place to do business, and his opinion that the work of eCrime Wales will make this happen.

Chris Corcoran took to the stage to discuss the implementation of the Action Plan. He told delegates that some 132 million sensitive documents are taken out of offices each week on portable devices, and 72% of people questioned by Get Safe Online said that they needed more information to protect themselves. Corcoran also stated that more people now fear ecrime than burglary, and with that in mind, the police forces of Wales and the Welsh Assembly Government are proactively fighting back.

Corcoran defined the four themes of the Action Plan, and stated that people must take responsibility and embrace the plan,

1. Establishing a Multi-Agency eCrime Wales Unit
2. Supporting businesses to combat eCrime - through workshops, education and training from the police and the government to support business
3. Raising awareness of eCrime
4. Reporting and monitoring of eCrime - detailed information is necessary to put the right level of support in place

In closing, Corcoran said that Wales cannot work in isolation. While the principality may lead the way, Wales must collaborate nationally and internationally, and take a proactive rather than reactive role.

Detective Superintendent Russell Day of the Metropolitan Police stated that his force are impressed with the Welsh Action Plan, and said that we all now need to think of ecrime as mainstream. Day commented that £7.5 billion was spent online by UK consumers leading up to Christmas 2006, a 50% increase on the same period in 2005. He stated that the internet, and ecommerce in particular was an "economic and communication colossus" and where an opportunity presents itself, ecrime will surely follow.

In the most thought provoking presentation of the day, security expert Richard Hollis, CEO of Orthus told delegates that identity theft is the fastest growing crime on the internet, as it's hard to detect, hard to prevent, and happens because your identity is "where the money is". Hollis said that according to the Home Office, businesses lost almost £2 billion to ID fraud in 2006; but the fraud per individual victim on credit cards is now over £4,000 before it's noticed.

Detailing the ease in which identities are stolen and sold, Hollis gave delegates a wake up call, urging them to practice identity discipline to protect their information. In closing, he said, "Don't give it away, don't sell it, don't throw it away" and advocated shredding everything.

Peter Bonner, Head of Technical Investigations, HSBC gave delegates an insight into the position of banks in regard to ecrime. He said that a lot of work had been done to minimise the risk of phishing to online transactions, and that the emerging threat is from advanced trojans designed to target banks, and leave a backdoor open to users systems through keylogging. Bonner expressed the need for good firewalls, quality anti-virus and anti-spyware software, and the vital importance of educating staff on the risks posed by the internet and email.

John Needham of eBay discussed safe trading online, and said that counterfeit trade now makes up around 7% of global GDP and is the fastest growing industry in the world. He went on to say that one in seven people in the UK know a victim of internet fraud, and concluded by saying that combating it is the shared responsibility of individuals, police, business and government.

Dan Haagman of information security company 7Safe told delegates about digital media security, via case studies looking at internal hacking, external hacking and the criminal use of messaging. Haagman's speciality is digital forensics, and said that computer use leaves a digital trace that can be tracked, but hacking is growing at a tremendous rate.

He urged companies to develop policies and train staff appropriately to cope with the security breaches, and said that people should "know your threats, know your users, and know what you're trying to protect". In closing, Haagman told delegates that should they experience a security breach they should pull the plug out of the PC and lock it away, without shutting it down as any other action could alter evidence.

The final presentation of the summit was from Derek Simpson, eCrime Forensics & Operations Manager at BT. He told delegates about the formation of an ecrime team in 2000, and ran through some examples of their work, including reacting to and combating denial of service attacks.

Simpson explained that the ecrime team was made up of analysts, IT investigators and computer forensics specialists, and they are involved in the ongoing development of network monitoring tools to mitigate risk. The work of the BT group is influencing UK and EU policy, and is focused on ensuring the resilience of BTs network and services to allow the UK to work under the changing threats we now face.

With an 8000% increase in online banking incidents over the last 2 years, and the fact that one in three Welsh businesses have been affected by eCrime, at an annual cost of £160 million per year, the work of the eCrime Wales is vital to the future of the Welsh economy. The Welsh Assembly Government has the ambition to make Wales "a good place to do business, and a safe place to do business", and this can only be achieved through the concerted effort of businesses, individuals, police and the government itself.

The first of four objectives of the Action Plan is now coming into being, with the development of a multi-agency eCrime Wales unit, to be led by the Department of Enterprise Innovation & Networks, Welsh Assembly Government.

The annual eCrime Wales Summit is still the only initiative of its kind in the UK outside of London, positioning Wales at the forefront of the fight against cybercrime. Businesses and individuals in Wales now need visible proof that this initiative can deliver: education, information, support and evidence that ecrime is acknowledged as and handled with the same rigour as mainstream criminal activity.

Send a comment about this article to editor@itwales.com.

Home | Services | Events | Features | Interviews | Profiles | Reviews | News | Resources | Press | Archive
About ITWales | Privacy Policy
All material on this website ©2002-2008 ITWales