Archibald has called for public-private collaboration in the past, bemoaning the lack of cooperation between the various jurisdictions at the International Forum on Cyber Security in France at the start of the year, but urged deeper industry relationships when speaking at the Westminster eForum in London on Tuesday.
He warned that the cyber-crime opportunity is tempting, and that the challenge for law enforcement is not just on catching these criminals, but also trying to prevent them from contemplating this path in the first place.
“It's a new environment – and enabling criminality through the internet has introduced new challenges,” said Archibald.
“The key to understanding the threat is having access to intelligence from partners. It's only when you understand the threat that you can prioritise the response.”
“We very much want to work with industry to better our understanding.”
Archibald, though, admitted that it hasn't always been easy in the past and cited personal experience where the relationship between law enforcement and private sector has been strained.
“Honestly, law enforcement - certainly from a personal experience - hasn't always engaged the private sector as equal partners,” he said, noting that police would often help disrupt the servers of a criminal entity, but with little regard whether such actions resulted in downtime/operation losses for the company which initially reported the incident.
“It was not surprising that business looked elsewhere to protect themselves, so we have to rebuild the confidence so that we can work closely with industry to respond to the threat. It's absolutely key to any cyber security strategy that we invest great effort in developing those relationships, and understanding how we can work together.”
Archibald did though applaud the UK Cyber Security Information Sharing (CISP) as a ‘tremendous step forward' for awareness on what business are seeing in terms of cyber threats in the UK.
Giles Watkins, partner for information protection at KPMG, agreed with Archibald and also urged companies to avoid operating against cyber-crime as an independent island.
“It needs to be a joined-up effort - governments need to talk to each other, corporates needs to join up with each other and with governments too. Nobody can do this [cyber-crime defence] in isolation,” said Watkins at the conference.
Archibald listed malware against financial services, exploits and network attacks, anonymised money laundering, cybercrime-as-a-service and DDoS attacks as the five main threats the NCA is seeing in cyber-crime.