Opinion: The fight against e-crime is failing

Though businesses are becoming more aware of the need to invest in security, government and law enforcement are still woefully unprepared to catch cyber criminals, says Simon Moores.

At last month's e-Crime Congress in London, a high-tech, digital keypad solution was in place to test the five hundred delegates' views on a number of different issues touching on the subject of internet crime.

The results of the survey from an audience of leading international business, law-enforcement and financial services figures raised a number of surprises (other than the opening presentations on both days, the event was barred to the media).

The greatest of these occurred on the second day, when 41 per cent of the responding audience indicated that their business has lost more than £1m to e-crime in the past twelve months.

The size of this figure (which excluded the law enforcement officers in the sample) was far higher than anyone had anticipated. The Congress had heard reports that suggested a dramatic escalation in business and personal losses since the previous year's event, and 21 per cent of the audience admitted to have had personal experience of identity theft over the period with 11 per cent experiencing some form of financial loss as a consequence.

An encouraging note was that organisations are now seen to have a better grasp of the benefits of a good security strategy, with the public sector seen to be outperforming the private sector by 10 per cent in their recognition of its value. This however left delegates admitting in 20 per cent of cases that their organisation did not have an adequate security policy in place - and only 28 per cent of the audience claimed to be ISO 17799 compliant.

Organisations are increasingly taking out insurance against information risk, with 23 per cent following this route towards achieving a good night's sleep. Outsourcing of the security function is not as widespread as the service companies might like - 13 per cent of the e-Crime Congress audience outsourced more than 60 per cent of their IT security function to a third-party specialist organisation.

Given the international nature of the conference, it was interesting that confidence in cooperation and mutual legal assistance treaties as a means of combating e-crime was relatively low - it was rated between one and two on a scale with a maximum of five. Some 24 per cent of the audience had no confidence whatsoever in the strength of international cooperation; police officers were not excluded from this sample.

The concept of 'trusted' brands and overall confidence in the internet as a viable commercial medium appears from the survey to be growing but still has some way to go. The conference heard from one leading pharmaceutical company of the difficulties it was facing in fighting counterfeit drugs. In some parts of the world, the audience was told, the counterfeit drugs trade is so endemic that one should not expect substances handed out by a doctor or hospital to have any active ingredients.

The growing size of the e-Crime Congress indicates the importance being given to the subject at an international level, with companies such as Amazon, eBay, Yahoo! and even the largest Islamic bank in the Middle East giving presentations alongside the likes of Metropolitan Police Assistant Commissioner Tarique Ghaffur and Wang Zhigang, deputy divisional commander of the Chinese People's Public Information Network Security Bureau in Beijing.

From the networking sessions, I was left with the impression that overall, there is a sense of frustration that government on a global basis is failing to come to terms with cyber crime threats - and has not allocated anything near the level of resources required to challenge a growing 'dark economy' that threatens to stunt the progress of the web.

The 2006 Congress was looking for real signs of progress over last year - and found instead that while awareness of the need to invest in good security among businesses is higher, increasingly sophisticated cyber criminals are prospering on a transnational basis.

Fighting crime on the internet, it seems, is equivalent to fighting the mythical Hydra. Lop off one of its heads and two more will swiftly grow again in its place.