2016: Cyber-Crime Becomes Big-Time

It came as a shock to be told by an American when I was last over there in the autumn that he had to change his credit cards every month or two because of hackers. I assumed it was because he was a pretty rich guy and would be a prime target.

But then comes this week’s revelation from a field trial conducted by the UK Office of National Statistics suggesting that there could have been over 7.5 million cyber offences against individuals last year.

“2016 will see cybercrime finally find its place in our official statistics,” says KPMG’s cyber security technical director, David Ferbrache, “extortion attacks have been making a comeback with criminals demanding significant sums for suspending denial of service attacks against targets; not going public with stolen data; and of course providing a ‘service’ which grants access to a ‘client’s data which they had previously hacked and encrypted.”

“While phishing attacks, banking Trojans and large scale low value cash outs have characterised the last 10 years of cybercrime, new techniques are becoming part of the criminal arsenal while firms invest more and more in cyber threat intelligence in the hope of keeping up,” adds Ferbrache, “in 2016 we predict that organised crime groups will become increasingly selective in targeting high net worth individuals, corporate treasuries and commercial bank accounts.”

Ferbrache instances scams such as “front running stocks using stolen market sensitive information, or pump and dump schemes using personal data acquired in bulk from unsuspecting banks, insurers and even governments.”

“The EU General Data Protection Regulation and the EU Network and Information Security Directives are likely to be finally agreed in 2016, firing the starting pistol for governments and firms to implement within two years,” suggests Ferbrache, “together these EU interventions set the scene for greater transparency around data breaches, a more robust data protection stance and a Europe wide nudge towards greater cyber security regulation.

“While large international firms are no strangers to an increasingly complex and uncoordinated global tapestry of national cyber security initiatives; smaller firms are likely to come under increasing pressure in 2016 as their larger cousins embed cyber security requirements into their contracting and procurement processes – fuelling both a supply chain security industry and the growth of third party cyber insurance,” says Ferbrache.

“The expected launch of a new National Cyber Security Strategy in 2016 has the potential to signal a new relationship between UK governance and industry, with the new National Cyber Centre at its heart,” he adds, “in 2016 we can only hope for a nuanced approach to regulation which works with the risk mechanisms in the markets to drive the right behaviours and address the current market failure around cyber security.”

However, terrorism will increasingly concentrate on cyber attacks, warns Ferbrache. “Terrorist organisations are becoming more and more tech savvy exploiting the internet for propaganda, radicalisation and communications,” he says, “2016 is likely to be the year that cyber resilience starts to matter more than just cyber protection, as governments worry about systemic risks from cyber attacks and critical infrastructure firms start to pay more attention to just how resilient their business models really are to these new threats. The NIST cyber security framework will succeed in becoming the de-facto yardstick for cyber security amongst such firms.”

The problem with hacking is that everyone does it – governments, bankers, companies, criminals, terrorists, pranksters, funsters and geeks with nothing better to do. Even Q in the latest Bond film is a hacker. So, in a world with such a morally ambivalent attitude to hacking, how can the law decide who’s a goodie and who’s a baddie?




  1. Thanks Mike, what a bunch of tossers, Yes hopefully the Yanks will give them a kicking but maybe HMG should demand their extradition and lock them up on Dartmoor. Bloody cheek.

  2. Yeah Well everyone seems to think it’s DDOS Dr Bob though no one can think of what sort of idiot would want to take down the BBC news service. Everyone finds it so useful.

    • Looks like it was 12 American idiots. Hopefully Hilary or Donald will send them to Guantanamo or somewhere equally appropriate.

  3. I thought it might have been a ddos attack when I tried to get the weather forecast yesterday. Either that or the poor Talktalk service that the Post Office are serving us up with these days (a bit of a lack of due diligence there methinks when they changed their provider)

  4. Well I see Trump is going to abolish private equity’s tax break which will sort out those so-and-sos and, if he can frighten off hackers, terrorists and cyber-criminals, then he wouldn’t be all bad, Mike, and he’d give us some laughs along the way.

  5. Yes the BBC thing came right on cue, Keith, the KPMG guys are right about this – hacking is going to be a 2016 problem on the same scale as IS.

  6. And this morning we see the BBC website go down as a result of a massive DDos attack…

    Oops, just got a ‘you are posting to quickly’ response.
