UK top cybercrime enforcement officer: it is very interesting to arrest a cybercriminal
Cybercriminals stand out from any other type of culprits because they like to brag about what they did and how they did it, Charlie McMurdie, cybersecurity director and a board director at Global Cybersecurity Association (GCA), said during a webinar.
"If you arrest anybody nowadays for mugging or bank robbery, they do not want to talk and incriminate themselves. But, quite often with cybercriminals, they love to talk about what they have done, how they have done it, how they have managed to get through different networks," she said during the event.
McMurdie, along with other prominent cybersecurity experts, including former deputy assistant director of the FBI Don Freese, gave a keynote speech at the virtual conference ‘The Global Dilemma. Meeting the AI, Cybersecurity & Cloud Challenges. Looking Beyond,’ organized by the non-profit cybersecurity association in Zürich, Switzerland.
She has decades of experience investigating cybercrime, or, as it was earlier called, high tech or digital crimes. McMurdie helped to build the UK Police Central e.crime Unit and has been a top UK law enforcement officer for hacking, cybercrime, and online fraud.
"It is really interesting when they (cybercriminals) are arrested because they want to tell everyone what they have done," she said.
In 2007, the UK law enforcement got £30M government funding to put together a team to deal with cyberattacks. At the time, it was understood that the old way to deal with fraud investigations that would take up to 2 years was too slow and ineffective.
"Cybercrime is prevalent wherever you are. Cybercriminals like to capitalize on weaknesses and the key story of the day. So any major disaster that's occurring, they will probably send something out," she said.
To illustrate the gravity of the situation, she highlighted some of the cybercrime statistics. It is estimated that cybercrime will cost around $6 trillion to the global economy in 2021. 6.4 billion fake emails are sent every day. The median number of days an attacker resides within a network before detection is 146 days. The number of daily digital crimes increased by 75% since COVID.
"When the breach reaches the news, we know it did not happen yesterday. It happened last month, last year, and the bad guys have been utilizing the data for some time before it has been discovered," she said.
One of the critical things with cyber is, it is not so much about the hard currency. It is about data more often than not.
"The bad guys love data because they can use it in so many different places and use it time and time again. They can use it for fraud or deception. It is interesting to look at how much data is out there, where our data is being held. Your data, my data is probably on 500-1000 different databases, from the local shop we go shopping to our banks, tax office, our health data," McMurdie said.
What is more, cybercriminals are stealing data not only for financial gain. Sometimes, they steal or compromise intellectual data. "If you have spent years developing the latest gadget or widget, and all of a sudden you are due to go to the market with it, and suddenly someone else releases the same design and model because they have stolen your intellectual property."
Cybercriminals fall under the following four categories: they are either hacktivists, belong to organized crime groups, represent nation-states, or are insiders.
Hacktivists are lobbying for the freedom of speech and the right to have your voice heard. The idea is good, McMurdie reckons, but their attacks were causing substantial harm and impact on the economy more often than not.
"It is a real challenge for law enforcement," she said.
Martin Tang, Chairman of GCA, also expressed a concern that cybercrime is a global problem and highlighted the importance of international collaboration.
"You never know from which part of the world your next cyber attack will emanate. To keep match fit, we need to know what the attack vectors and defense strategies are all around the world. Your next attack can come from any continent or any country. Most likely, it will come from outside your own country of residence, where most of your cyber network and cyber know-how resides. By creating a global team, networking and sharing extensively, and creating alliances around the world, we hope to help increase awareness, knowledge, and cybersecurity. GCA's Symposium has members from the US, UK, Germany, and Switzerland and is expanding to cover the remaining continents and major hubs of cybercrime activity," he said.
More from CyberNews:
Subscribe to our newsletter