Interpol: ‘We’re witnessing an unprecedented surge in cybercrime’

INTERPOL cybercrime director Neal Jetton has called for a “total 360-degree strategy” to tackle the global cybercrime crisis.

Speaking at Holyrood’s International Law Enforcement in a Digital Age event in Glasgow, Jetton told delegates the rise in cybercrime cases is “staggering”, urging for a “team effort” approach to ensure people and the economy remain safe.

Research shows cyber-attacks have increased by 30 per cent in the second quarter of 2024 and the average global cost of cybercrime stands at $18m. Police Scotland report almost 50 cybercrimes daily.

Jetton said: “This isn't just a statistic, it's a wake-up call. Cyber is all-encompassing; with the emergence of AI and quantum computing combined, combating cybercrime will only get more complicated. No one agency, no one organisation, no one country can do this on their own.

“It obviously involves law enforcement officers on the physical and digital front lines. It involves the private sector sharing data and expertise. We require academics and researchers to develop the latest tools and technologies. We need trained legal experts to ensure justice is served, and we need every citizen to practice better cyber hygiene.”

Freha Arshad, managing director of Accenture, acknowledged Jetton's point on collaboration, and said cross-sector partnerships had the power to bridge the skills gap: “Skills are limited, and we do need quite SME deep technical skills, and they are scarce across the globe - [it] doesn't matter which country you're in.”

Currently, there is a global skills shortage of almost 4 million cybersecurity experts, and in the UK it is estimated that around half of businesses have a basic skills gap, with employees responsible for cybersecurity lacking the confidence to carry out basic tasks.

Arshad added: “At the end of the day, you do need a well-rounded security technical architecture team to have a robust secure-by-design program. And again, the advantage there generally lies with the larger organisations, so the small SME’s may need a little longer to fully implement. I would hope that as secure-by-design guidelines and implementations become the norm we'd see more of a roll-out, but it's going to take time.

“We needed it yesterday and we're not going to get it by tomorrow. That's the challenge with secure-by-design, but it's absolutely stepping in the right direction.”

Detective Sergeant of Cybercrime Investigations in Scotland, Kelly Thorburn, highlighted how the expertise shortage is impacting authorities north of the border, pointing out a training divide within organisations: “What you find is that you only get that [cyber-training] when you come to specialist departments like what I'm in now. Obviously on the front line, they are getting a much, much lower level of that because they have to cover every topic that we need to police. 

She added: “It's a massively steep learning curve and it's moving so quickly that the public sector is always going to struggle to keep up with that. Because everything just naturally moves slightly slower in public sector areas, which we all know. So, it's good to get that insight from private sector… We know that we have limitations.”

Jude McCorry, chief executive of the Cyber and Fraud Centre Scotland, urged delegates to move on from a “victim-blaming” approach to encourage people to report crimes and allowing for a better sharing of intelligence between stakeholders.  

“We don't treat the victims of cybercrime in the same way as we would treat somebody who was a kidnapped or somebody was assaulted on a street.

"We have to make sure that people [who suffer from a cyber-attack] do realise that they are victims of crime, and that they do report it. Just because it hasn't physically happened to them, it doesn't mean that they shouldn't be reported to the police. If it's not reported, we don't have the intelligence and we don’t know the extent of the problem.”