Well, this should be an easy blog to write. When it comes to the ethics of cyber crime there are none. It’s wrong. Just like breaking into someone’s house or car and finding what you can filch, it is a crime and covered by various bits of legislation. The Fraud Act 2006, Theft Act 1968, Theft Act 1978, CMA, Forgery and Counterfeiting Act 1981, and Proceeds of Crime Act 2002 (‘POCA’) should be a good start, yet the punishment tends to lag behind the crime.
Cyber crime is on the rise and is an existential threat to businesses with many being hacked, disrupted, held to ransom, fined or simply letting their customers down due to lax online security.
It is not just the big companies that have been targeted. Behind the headlines are many small and medium firms under attack. There has been a marked change in the size of companies under threat, with the attacks targeted at smaller businesses. According to the Federation of Small Businesses over 60% of SMEs were hit in 2019, resulting in substantial recovery costs. Perhaps the other 40% just aren’t aware of it yet.
Then of course there has been COVID-19 which has turned our world upside down. Most businesses have now moved to at least some trading online with many of their people working remotely from home. Nearly 70% of all crime has a cyber element.
Yet, as with all things human, the picture is not so straightforward. There are people known as ethical hackers; indeed, ethical hacking is one of the most popular courses at university, where skills are taught that enable people to hack into computers to test how secure they are. These are the very same skills that are needed for more malicious activities.
Indeed there are people who will hack into your systems and then offer you their services to show how to fix the problems they have found. For a small fee of course. Whilst this is a useful service, it borders on the highly suspect ethically.
This week we have seen Microsoft, one of the world’s largest computing companies, launch its own cyberattack simulator to help you check your company’s defenses. According to TechRadar, it is designed to enable security researchers to create simulated network environments in order to observe the interactions between automated Artificial Intelligence (AI)-driven attackers and defenders.
Is it ethical for a business to set up systems that allow you to break into your own data to test if you have set up their technology in the most secure way you can? Is this like an alarm company inviting burglars to try to break in to make sure its alarms work? These are interesting times.
This and other ethical questions around cyber security and cyber crime will be considered at a couple of events during this year’s #CyberFest, the North East’s biggest cyber security festival. Please look out for them as there is certainly a lot to talk about.
Phil Jackman is Director of NIBE.