Gov 'is not taking cybercrime seriously'

Home Office 'will miss out on top IT talent' with volunteer cybercop plan

IT security experts have trashed Home Office plans to recruit volunteers to tackle cybercrime, saying the government is not taking the issue seriously enough.

Home Secretary Theresa May plans to bolster the police's efforts to battle digital crime by empowering police forces to sign up IT workers as volunteers.

The proposal, aired again by the Home Office last week but first revealed in a consultation document last year, would allow room for volunteers to take on greater roles "as their experience grows".

But cybersecurity experts denounced the plans, saying the government should hire specialists instead of volunteers if police skills are not up to scratch.

Advertisement - Article continues below
Advertisement - Article continues below

Graham Cluley, an independent computer security analyst, told IT Pro: "[It] doesn't sound like they're taking the problem seriously to me. Cybercrime is on the rise, and clearly the authorities need proper investment and resources to tackle the growing problem. 

"My concern would be that the authorities would be unable or unwilling to pay the kind of salaries that would attract the top talent - and so many talented individuals won't be interested."

IT security workers command a wage of between 50,000 and 57,000 in London, according to recruitment firm Randstad Technologies.

But digital offences make up 44 per cent of total crime according to ONS data released last October, which showed that 3.8 million Britons were victims of a total 5.1 million incidents of online fraud, malware, or phishing attacks in the previous 12 months.

Cluley said it is worth paying the price for experts who can help.

"Until fighting cybercrime is seen as something which saves the country money rather than costs us cash, I don't see the situation getting any better," he said.

Advertisement - Article continues below

Security firm Digital Guardian pointed out that the plan overlooks a gap in expertise that already exists in cybersecurity, a problem which has been recognised by Chancellor George Osborne.

Thomas Fischer, principal threat researcher, said: "For many years the infosecurity industry has faced a recruitment drought. As a result, individuals that do meet the required training standards are highly sought after assets, likely to be in well-paid positions, with very little time to do volunteer work on the side."

However, the Home Office insisted it is committed to tackling cybercrime, highlighting measures such as an 860 million investment in the National Cyber Security Programme.

IT Pro understands that volunteers would look into minor offences that stop police focusing on more serious crimes, but security firm Malwarebytes said working alongside police is different from grass-roots action against hackers.

Advertisement - Article continues below

Malware intelligence analyst Chris Boyd told IT Pro: "Working with police in an official capacity is a whole new ballgame, and there's not just the technical aspect to consider - you could well be getting involved in cases where there could be significant risk to yourself or others.

"One hopes the police would make them sign an equivalent of an NDA before signing up."

Advertisement - Article continues below

It is not clear whether the Home Office would meet other costs, such as the price of equipment volunteers would need to work on.

Boyd said: "If this is to be successful the volunteers need to be supplied with standard-issue machines running the tools they need to get the job done. We can't have work like this done on someone's personal computer, especially if there's a chance it could have been compromised beforehand."

The government must also decide what security solutions run on these machines before signing up volunteers, he said. 

The consultation in which the proposal was contained has concluded, though the government has not given a timeline for when police can begin recruiting volunteers.

The Home Office declined to comment.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now


Policy & legislation

Government announces review of IR35 off-payroll changes

8 Jan 2020
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020