An important tISS information security workshop around eCrime took place in Birmingham this week. It brought together the government’s PCeU (Police Central eCrime Unit) and security chiefs from some of the UK’s leading corporates. It was an important milestone in building a working relationship between business and the authorities responsible for stemming the increasing tide of eCrime.

The workshop identified some important trends in the development of eCrime.

• Significant increases in the production of Malware. Nearly 6,000 new varients discovered each day.
  Attacks have switched from ‘high profile but short lived’ to ‘stealth mode’, low value but exceedingly high volume that simply sneak under the radar.
• 40% of the world’s websites are devoted to social networking. These are soft targets with 77% of employees having Facebook type accounts and over 60% of them accessing during working hours. Companies urgently need to review policies in this area.
• The next major area for attacks are web enabled mobile phones.

PCeU is building it’s capacity and has a number of successful prosecutions under it’s belt. The unit advised organisations to report instances of actual or suspected eCrime and they promised to work with organisations on issues of confidentiality.

The delegates agreed that eCrime in the corporate world was often industry specific and urged organisations to build up their network of contacts within their own sector in addition to cross sector contacts.

When purchasing software, whether for mainstream applications or mobile devices, companies need to exercise due diligence to verify it has been designed and built to the correct security standards.

Companies must continue to highlight the risks of eCrime to staff and their families at home particularly the risks of: divulging personal data, spoof websites, social networking or gaming sites, and mobile phones. Self interest is a great route to engagement with work related security requirements.