stakeholder communication. When I have seen incidents that have gone wrong, it’s more than often because people are not communicating effectively.
CSE: How can that be addressed?
BR: We need to bring cyber professionals and the communications professionals together to think about how, in the event of an incident, the communications strategy would work. I believe that’s very important, particularly around the area of how targeted companies then engage with their customers, partners, the media, and so forth, following an attack. Once there’s a story out there it can get out of control, as we know. Something we’ve seen is that, following a cyber breach incident, cyber criminals will exploit concern that follows media coverage to conduct secondary fraud aimed at people who might have been affected by the initial incident. If, in anticipation of this eventuality, organisations have already formally advised their customers to ignore any attempt to get them to divulge sensitive details, it can prove effective in containing further incidents.
CSE: Given the range of incidents that the NCCU/NCA monitors, do you see any discernable shift in attack types or patterns over time?
BR: There are certainly still traditional attacks where threat actors hack into a network, hide there for a while, and then exfiltrate valuable information. Those attacks are not going away. But the threat actor remains as hidden as they have always been. But there has been a shift. Cyber crime has become more confrontational. For instance, we’re seeing more denial-of-service with extortion incidents. What we are also now seeing is other threats who are not trying to hide – in fact, they are trying to be as much in a target’s face as possible – trying to get hold of money in as aggressive, assertive, upfront a way that they can.
We’re not going to wrap ‘DO NOT CROSS LINE’ tape around all the servers of breached organisations
CSE: Are the people behind these harder attacks new on the scene?
BR: Not necessarily. What we’re seeing is, I think, cyber criminals adjust their methodology. Organised cyber criminals are agile and flexible – no different from other kinds of criminals, in fact.
CSE: So are there any indications that ‘traditional’ criminals are moving into cyber crime – such as Business Email Compromise (BEC) attacks – attracted there by likely gains from defrauding commercial entities?
BR: Yes, there are. We’ve predicted that trend: more traditional organised crime ‘enabled’ by cyber technology adoption. There have also been some instances of traditional organised crime using the services of cyber criminals for specific types of unlawful activity – but I don’t think that it’s yet as widespread as some once feared it would become.
ACCREDITATION Words | James Hayes Main photography | National Crime Agency