SaaS data loss: The problem you didn’t know you had

A hi-tech skills crisis in law enforcement threatens to set back the wider fight against crime, a report out today warns.

e-crime is on the rise and digital evidence is playing a greater and greater role in mainstream criminal investigations. There are around 140,000 police officers in the UK. Barely 1,000 of them have been trained to handle digital evidence at the basic level and fewer than 250 are currently with Computer Crime Units or have higher level forensic skills. Add in the civilian staff of the Forensic Science Service and its contractors and the pool of full-time expertise is still under 400.

eVigilante risk

"Computer assisted extortion, fraud and impersonation, however great the damage, are on the back burner. Any attempt to change the situation requires change to both the skill levels available and the priorities for deployment," writes David Harrington, author of EURIM's report Supplying the Skills for Justice.

The mounting backlog has led to increased reluctance of by local forces to launch new investigations, which could in turn result in public disillusionment with the law enforcement system. The study warns that if nothing is done people might resort to vigilante tactics. “We face a very real risk of seeing the democratically accountable policing of computer-assisted crime replaced by a combination of vigilante action and the covert privatisation of legitimate investigation,” the study warns.

The launch of the EURIM/IPPR e-crime study in Westminster today brought together industry representatives, police and politicians to discuss ways of tackling the problem before it gets out of hand.

Trusted link

Making greater use of an estimated 8,000 security experts in the private sector is seen as crucial for progress.

Too few police officers have received the necessary training and there is a confusion of qualifications and standards among the civilians who might be called upon to assist. The report calls for the new Criminal Justice Sector Skills Council – Skills for Justice – to sort out the mess and become the lead agency in certifying training courses. This, together with a formal process for assessing and certifying skill levels and competencies of investigators, is seen as the best way to bring more people in to tackle the problem.

UK science and technology company QinetiQ agrees that the criminal justice system needs to exploit private sector expertise to defeat cyber criminals. It argues that because courts need to be sure of the integrity of evidence private sector private sector operatives need to become a "trusted link in the criminal justice chain", working to a robust set of standards. QinetiQ reckons the battle against cybercrime needs to be fought in the boardrooms as well as through the court and criminal justice system.

Neil Fisher, QinetiQ’s director of security solutions and vice chair of the UK’s Information Assurance Advisory Council, said: "The issue of forensic readiness is not one to be grasped solely by the criminal justice system. Companies have a duty of care to their shareholders and employees, just as public bodies have a duty to the taxpayer, to take the issue of cyber crime seriously, both in terms of protecting against the threat and also of being in a position to respond in a way that best guarantees a result in the courts once a crime has been committed." ®

Related stories

E-crime costs UK business billions
MPs urged to reform cybercrime laws
Small.biz told to swot up on Net security
My sysadmin is a special constable
UK.gov announces hi-tech elite police squad
The rise of the white collar hacker

Agentless Backup is Not a Myth