UK Policing has an issue with cyber crime, namely how under reported it is. The average member of the public is happy to report not only successful but also failed attempts at other crime. If for example a suspicious person is walking down the street checking for open windows and doors on houses or trying handles on cars in order to find opportunities for crime, they would quickly be reported and the Police would watch that person more closely as well as run a campaign of advice to the public on the importance of locking your doors. In the cyber world however, it is estimated by the Home Office that only 2% of successful cyber crimes are reported to the Police by businesses and almost 0% of failed attempts are reported.
This lack of reporting has several significant effects on Policing. Firstly, they do not understand how businesses and local organisations are being attacked. This makes providing preventative advice campaigns significantly less affective, with the Protect Officers using generic advice from NCSC instead of specific advice for local people. Secondly, no budget is allocated for Police to investigate and combat this crime.
Given its nature, cyber crime is difficult to report. Many businesses are not aware that they come under attack every day or even when those attacks are successful. When they do see the attacks they are worried about reporting them to Police for fear of reputations damage and rarely have time to sit through the 45 minute reporting process of ActionFraud.
This talk will explore the methods and challenges for automatically reporting suspicious cyber activity to Policing and how the new Police CyberAlarm scheme is achieving this and overcoming the challenges. The talk will cover the benefits of crowd sourcing threat intelligence data in near-real-time for Policing purposes and how this data is changing the way cyber policing works.