UK cyber crime losses halved
According to the latest figures in the Norton Report 2013 from Symantec, cybercrime losses in the UK have fallen by 54 per cent between 2012 and 2013, from £1.8 billion to £826 million per year, and the average loss per victim is down 30 per cent from £144 in 2012 to £101 in 2013 - with no clear-cut explanation for the colossal scale of this fall, given that the international trend for cybercrime continues to be upward.
McAfee notes examples of organized cyber criminal services
This drop is despite mobile devices and social networking increasingly blurring the divide between personal and office use of the internet, resulting in widespread security lapses.
Sian John, security strategist at Symantec told SCMagazineUK.com, “Gobally the cost per victim is going up and it is not clear why the UK figures are so different to the rest of the world. But with an annual online spend of £1,000 per head, the UK has the highest spending online per capita. It was an early adopter of broadband, and is a high user of social networking, so it is likely that there is now more awareness of cyber fraud among consumers. In our view, this will have pushed criminals to go for lower value transaction frauds in an attempt to avoid being detected.” An earlier Forrester report on online shopping highlighted that 70 per cent of the UK population shops online, the highest level in Europe (together with Sweden and The Netherlands), compared to just 34 per cent in Italy and Spain. Also, the UK is a major user of credit cards, facilitating online transactions
Despite the drastic reduction in the cost of cyber crime in the UK, the actual number of victims remains high, at some 12 million per year, some 45 per cent of online adults in the survey were reportedly the victims of cyber crime or negative online situations, not necessarily relating to any financial loss, but including malware, viruses, hacking and scams.
Of some 13,022 adults surveyed for the report across 24 countries in July this year, 32 per cent said that their company had no policy on the use of personal devices for work – with the same number saying they did use their personal device for work and play, and almost the same number, 31 per cent, saying that the convenience of being constantly connected outweighed any potential security risks. Mobile security ignorance – or bad practice – was rife, with 54 per cent of users not aware that security options for mobile devices even existed, half of social network users not logging out after each session and only 17 per cent of smartphone users installing mobile security software with advanced protection. Some 48 per cent of smartphone and tablet users did not take even use passwords, have security software or back up files from their mobile devices – which is particularly worrying considering 18 per cent had lost their mobile device or had it stolen.
The laxity on phones and tablets was worse than on PCs, with 35 per cent avoiding storing sensitive data files online via smartphones, 37 per cent via tablets, and 79 per cent via PCs. Similarly, 90 per cent of respondents deleted suspicious emails from their PC, but only 55 per cent from their tablet, and 44 per cent from their smartphone, indicating that users need educating that smartphones are effectively small computers.
John comments: “It is inevitable that with the growth of mobile and social media use there will be some blurring (of personal and work use of the internet and access devices), but there are safe ways to do it without sharing what is business and personal. If you are looking at humorous videos on a work device or sharing them at work, then that is both a work and a security issue. Users do need to take responsibility.”
SC Magazine asked, but what about company responsibility and the lack of company guidelines? John responded: “Most companies are looking at awareness of company policy, which is a bigger issue than lack of policies. Plus if corporate Apps are placed in a more protected environment away from Apps that may be used for personal use, then they are more secure. But changing what users do is the best way to reduce risk, by increasing awareness, and changing complacent attitudes of ‘it won't happen to me' that lead to convenience being put ahead of security.”
On a global scale, cyber crime was extrapolated to cost some £72 billion per year, averaging £190 per victim, with fraud accounting for 38 per cent of losses, theft or loss for 21 per cent, repairs 24 per cent and 17 per cent other. Using Norton's rounded figures, China and the US both represented losses of £23bn, with Europe a further £7 billion, Brazil £5 billion, Mexico and India £2 billion each, while Russia, Japan and Australia are each on £1 billion.