The effect leaving the EU will have on UK cyber crime

Published on 21 July 16

James Follow

Brexit

As most are aware, Brexit has happened and as a result cast us into some uncertain times. The media is saturated with news of impending doom with the spotlight being given to market volatility, financial instability, immigration and so on. But no one has yet directed much attention to the effects Brexit will have on cyber security in the United Kingdom. As it stands, co-operation with foreign countries like France is paramount in the fight against cyber criminals. The ability to share information with each other is vital in combating this threat. Now with this potential security deficit looming over our heads and our alliance with Europe almost in tatters, the outlook is a bleak one.

Cybercrime

Cybercrime has been increasing for a long time. Computing has come a long way, but so has the criminal underworld. Gone are the days where a thief would target someone in the street; not saying that doesn't happen, but criminals can operate from a relative safety of their own home with greater yields. Every day we are exposed to the threats such as Phishing, Spyware, file hijacks, Virus’ and the list doesn't stop there. Today, hacking is one of the biggest threats. Hackers recently hijacked an online petition calling for a second EU referendum, erroneously adding more than 77,000 votes. This was definitely more towards the good-natured end of the spectrum of hacks, but severe nonetheless.

Effect on the UK

The UK will experience increased risk and vulnerability to cyber crime post-Brexit. Some have suggested that the UK would become a preferred target for criminal activity. The truth is, the UK is constantly under threat regardless of its political stance. Criminals can set up and attack from anywhere in the world, thus not making the UK any more vulnerable. A key failing is that cyber security experts are in short supply globally, and now with the added uncertainty for non-UK nationals and visa implications looming, the UK could face a shortage in cyber experts with the availability of adequately trained professionals dwindling.

The EU published its cyber security strategy and created the European Cybercrime Centre (EC3) with the aim of building more substantive online defences. It has since become an integral part of the EU’s fight against cybercrime, providing support to member states and increasing its operational effectiveness through cooperation. It has been agreed by experts that the best way to tackle cyber criminals is to take a cooperative, supra-national stance.

Brexit will produce a complete breakdown of these measures; before the UK isolates itself new agreements and procedures need to be discussed and implemented.

The UK can decide to align with the EU's General Data Protection Regulation and Network and Information Security Directive, but it is probable that needed flexibility will be non-existent. In short, the impact on cyber policy will be determined by how the United Kingdom approaches data protection and privacy issues that were once governed by the EU.

If the UK chooses to adopt less restrictive privacy measures than the EU, it will be free to negotiate its own agreements with other countries. That said, it will have to either become a trusted state or its privacy measure will need to meet the requirements of the EU. The inherent problem here is that the UK and EU economies are deeply affiliated; adopting the EU’s regulations might be the UK’s less painful, more sequential option.

The sharing of technical intelligence, personally identifiable information and law enforcement could suffer. There are entities out there that will hopefully continue to collaborate and share technical intelligence and help identify potential threats, however, the sharing of information and identifying criminals could become troublesome regardless of the UK’s ability to instigate sufficient measures to safeguard sensitive information. Law enforcement will no doubt become difficult. Reduced cooperation is almost a guarantee and prosecutions will fall, the only solution is separate agreements with member states.

The caveat to all this is that we are still part of NATO. This offers substantial security benefits and the sharing of data, although a larger and much more cooperative Europe would be better for all parties involved.

What UK businesses can do about the threat

The best way UK businesses can defend themselves from this threat is by following 11 key rules:

1. Keep your operating systems updated and regularly patched.

2. Have a firewall and software that defends against virus, spyware and other types of attacks.

3. Use the latest version of your browsing software.

4. Encrypt wireless networks.

5. Set up administrative rights so only authorised individuals can install and uninstall software.

6. Use filtering that controls data access.

7. Block access to restricted sites with internet filters - this will prevent employees and hackers uploading data to areas such as cloud storage.

8. Remove or disable USB ports. This will prevent the (more often than not unintentional) uploading of malicious material.

9. Enforce strict password policies, using a combination of letters, numbers and special characters.

10. Produce a disaster recovery plan, in preparation for the worst case scenario

11. Encrypt all drives, folders, and files.

Using data-loss prevention and risk-assessment programmes can drastically increase a network's security by identifying potential weaknesses early on, thus preventing them from being exploited by criminals or the door being opened accidentally by an unsuspecting employee.

Brexit has raised our awareness of the realism of cybercrime and the implications it could have on the UK, Europe, and the rest of the world. Businesses, country leaders, and intelligence networks need to take a robust stance against cybercrime, making cybercriminal’s goals harder to reach. There is a real chance that the UK can continue to maintain a strong defence against this if it negotiates and implements cyber security legislation in line with current EU policies. If this happens, cooperation is almost certain to continue in an efficient manner and we can continue to lead the fight against criminals online. Should we not secure the necessary agreements with the EU though, the UK could fall behind the rest of the world and the outlook would not be pretty.