C Level briefing: FireEye EMEA President Richard Turner thinks the “bad guys have been faring better in recent times.”
The JP Morgan hack, even by modern standards, was pretty jaw dropping in its scale. In total 76m private customers and 7m business customers in the US were breached, with latest developments seeing 3 men charged in connection to the incidents.
For Richard Turner, president EMEA at cyber security firm FireEye, those arrests indicate something like progress from law enforcement.
"I think it’s great news that law enforcement are increasing their assets in order to try and address this problem, and really send a message to cyber criminals who today see, frankly, online crime as a safe haven in which to operate," he says.
"I think the criminals do view the internet as a place where they can conduct their activities, where the reward versus risk is very much more towards reward than robbing banks, for example."
Of course, the JP Morgan attack was a bank robbery, albeit a very 21st century one. Turner, however, worries that lower level cyber crime will end up being ignored, as police have to focus on these high profile attacks:
"My concern would be how does this scale? How do you start seeing the petty cyber criminals getting their collars felt, to use an old expression, in the same ways as these big international groups committing massive financial crimes?"
"We just have to accept, the same as we accept on the street, a certain amount of crime is going to take place, and the police can really only go after and deal with the most serious stuff."
Another challenge that Turner highlights is this borderless nature of cyber crime. "Given the lack of geographic boundaries and regulation of the internet bringing somebody to book for breaking the law online involves multi jurisdictional efforts, which have proven somewhat difficult to kind of get organised," he says.
For Turner, that is another praiseworthy aspect of the JPMorgan investigation. "I think it’s positive that its multi jurisdictional," he says. "It would appear to be the US law enforcement authorities working with the Israelis in order to bring down and take to court this group".
Despite what he sees as the progress in the JP Morgan investigation, Turner accepts that it’s "possibly a little bit too early to say that this is the start of a law enforcement fight back, because, we’ve seen an explosion in the number of attacks and not a corresponding increase in prosecutions. So clearly the bad guys have been faring better in recent times."
The TalkTalk hack was proof, if we needed it, of that. Turner also says it demonstrated how these cyber crime groups act as conglomerates in the same way legitimate businesses do, and how hard it is to get to the digital Mr Bigs.
"There’s a suggestion that this guy in Northern Ireland [who was arrested for the TalkTalk attack] is a very low level criminal, the kind of person who sells drugs on the street corner, kind of thing. They’re not head of the cartel, they just part of that machine. We’re seeing that now in the cyber environment, where there’s expertise in particular areas."
It’s not just down to the police or governments to tackle these issues though. "As citizens we’ve got to become more cynical and more vigilant", says Turner.
"We’ve got to make people feel comfortable in questioning stuff because if it looks too good to be true it possible is."