We're not losing war against cybercrime - Intel Security
Intel Security CTO reacts to UK National Crime Agency's cybercrime report's claim that criminals are winning the 'cyber-arms race'
Cybercriminals are not winning the "cyber-arms race", according to Intel Security EMEA chief technology officer Raj Samani.
Speaking at an Intel Security summit in Mallorca, Samani refuted a report from the UK National Crime Agency (NCA) which suggested that government agencies and security firms are losing the battle against cybercrime.
The report said: "Accelerating pace of technology and criminal cyber-capability development currently outpaces the UK's collective response to cybercrime. This 'cyber-arms race' is likely to be an enduring challenge, and an effective response requires collaborative action from government, law enforcement, industry regulators and, critically, businesses leaders.
"Government, law enforcement and other bodies have increased efforts to tackle cybercrime. However, these efforts alone cannot and will not fully address the challenges presented by cybercrimes. UK businesses have also made valuable contributions to tackling cybercrime, but there is much more that needs to be done, working with the government and law enforcement to reduce vulnerabilities and prevent crime."
When it was put to Samani that security firms are losing the war against cybercriminals, he cited landmark convictions, including that of Silk Road warlord Ross Ulbricht, as proof that this is not the case.
Ulbricht was handed five prison sentences in 2015, including two life sentences, for running an online marketplace on the dark web to sell illegal products, most notably drugs.
"We are working on operations and investigations with law enforcement forces all across the world," Samani (pictured) said. "The reality is, yes, it is more difficult because they [cybercriminals] are finding ways to be evasive, but we' are still getting arrests, we're still taking down infrastructures and we're still winning multiple battles, and that's what this is about.
"I hate the word 'cyberwar' because I don't think it works. We have to take each battle as we go and in the last four months we've seen the death of the four biggest ransomware families.
"That doesn't suggest to me that we're losing; it just suggests that there's a volume issue, and that we're doing everything that we can do."
Samani explained that Intel Security is working with law enforcement agencies including EUROPOL, where Samani is a special adviser, and explained that it is difficult to find a balance between publicly releasing security updates to help combat ransomware, while not making the cybercriminals aware of weaknesses in their designs.
"When we go out and we say to the industry, 'we have a fix, we know how to do this', three days later they [cybercriminals] come out with a new version that fixes all the vulnerabilities that we identify. People come and say 'you should have kept quiet', but I don't think we can keep quiet.
"We will work with law enforcement and if we can make an arrest and take down the infrastructure, at that point we'll release the information at that time, but I think we've got a responsibility to not only develop those products, but also to assist society and law enforcement to be able to disrupt [cybercrime]."
Statistics from the Office for National Statistics, and cited in the NCA report, claim that there were 2.46 million cyber incidents in the UK last year, affecting 2.11 million victims.
The government is set to spend £1.9bn on cyberdefences over the next five years; almost double what it has spent in the last five years.
A new national cybersecurity centre is also planned, along with two innovation centres designed to drive growth in the sector.