The Digital Economy

Decentralized cryptocurrencies and Dark Web cartels challenge the effectiveness of legislation, jurisdiction and law enforcement. This poses the question, when the economy is becoming more and more dependent on the internet, is the government losing control?

I’ll leave you to make that decision.

The government uses laws and theories to control and protect economic activity. But what is the significance of the Proceeds of Crime Act 2002 when funds are being stolen and converted into Bitcoin – a decentralized currency that no government has control over? What is the significance of international indictment agreements when the Dark Web conceals the location of the criminals?

Untraceable. Unrecoverable.  Unidentifiable. These are all terms cyber incompetent businesses should get used to. Those are the consequences of negligence on the ever dynamic scene.

Arguably, more intelligence could assist in finding and bring criminals to justice as we have seen in many other high profile cybercrime services. When police budgets are being cut, what is the likelihood that petty cybercriminals will be caught when resources are so limited? As traffic to the Dark Web is increasing due to its exposure in the media and on primetime television shows, this pressure is likely to increase.

Furthermore, perpetrators are not limited by national borders. The UK has one of the strongest digital economies in the world, accounting for more than 25% of its GDP. Naturally, all this noise makes it a prime target for cyber criminals around the world. We would normally depend on our government to take the necessary steps to protect our economy, however, the freedoms provided by the internet make this more difficult. Thus being aware of the threats is not only beneficial to you, but the entire digital economy.

The internet has reformed the way we do business. The playing field is filled with opportunity, but is more dynamic, volatile and uncertain than ever before, and is starting to have a big role within economies around the world. Whether that worries you or not depends on whether you are prepared!

PCI Breach Trend Report September 2015 – January 2016

The period September 2015 – January 2016 is covered in this issue of SRM’s breach trend report which looks at businesses that had a requirement for a PFI investigation. The data presented looks at the most common types of businesses affected as well as their trading size to present a broad picture of how breaches can occur across the industry.

Breach Trend Report September 2015 – January 2016

Kane Cutler: youngest PFI in the world

Newcastle-based Kane Cutler becomes youngest cybercrime expert drafted into exclusive Payment Card Industry investigation team

Newcastle-based Kane Cutler has been accepted by the Payment Card Industry Security Standards Council (PCI SSC) as a Payment Card Industry Forensic Investigator (PFI). At 26 years old this exclusive accreditation makes Kane one of, if not the youngest, PFI in the world. Only three companies in the UK operate in this field and Security Risk Management (SRM) which Cutler joined in early 2015 is one of these. He joins fellow SRM consultants Chris McGee and Andrew Linn in this select field.

Kane’s new role puts him at the frontline in investigating cybercrime. At the request of the PCI, his forensic investigation work will often deal with theft, either of significant sums from online transactions or in terms of personal data theft, putting individuals at risk of a host of other fraud issues. He is also likely to be called upon to deal with major incidents of data theft such as those recently suffered by TalkTalk and Wetherspoons.

To become a PFI, you must be a PCI Data Security Standard Qualified Security Assessor (QSA) which requires 5 years’ industry experience. In addition to this, Cutler is an experienced Information Security Officer and Penetration Tester and has significant experience working with the ISO 27001 standard as both an implementer and as an auditor, including identifying risks and implementing remediation recommendations within an Information Security Management System (ISMS).

As an Information Security Consultant with SRM, Kane Cutler is also responsible for diagnosing and remediating any issues that arise in relation to firewalls, protection software, web filters, mail filters, DNS infrastructure, application testing, and intrusion detection systems.

SRM Director Brian Fenwick, who was responsible for recruiting Kane, commented: “As a North East based company with consultants based nationwide we were delighted to recruit Kane in the North East and to assist him to broaden his cyber security expertise. Kane has joined a cutting edge Cyber Security company that has the intention to be at the head of PCI Forensic Investigation in Europe.”


As with any black hat related activity, innovations are always emerging to circumvent security and exploit vulnerabilities. Older forms of ransomware was mostly kept by specific groups of hackers that would utilise it solely for their personal gain.

As of recent times, a new form of ransomware has been identified that affects Windows, Linux and Mac with Javascript code. This nasty program acts as a Ransomware as a Service (RaaS) which allows anyone to download and distribute their own copy as long as they have a bitcoin address.

In return for this service, the developers of this ransomware take 25% of all ransom payments. Victims of ransomware are presented with a ‘lock screen’ which informs them that all their files have been encrypted together with a message demanding a certain amount of Bitcoin payment in order to decrypt their data.

New variations of this malware will continue to rise as they are an easy way of making money and so far there is no way of decrypting the majority of ransomware as they use strong encryption that is used within the Internet.

The worrying factor for this new ransomware is the implications of it being offered as a service as opposed to keeping it within the confines of a few groups; when coupled with ease of use and quick money, it is fairly easy to see how this can spread like wildfire among unsuspecting users.

Time and time again, the basic best practices of security are repeated to warn people of the risks of this compromise. In this case, crucial safeguards would be to avoid visiting malicious websites and being extra cautious with email attachments by verifying the email source.


SRM Blog