From data theft to attacks on government systems, internet crime is a growing threat, costing the global economy an estimated £266bn every year. With high-profile hacking incidents making the news, how vulnerable is our personal information, and how is Southampton helping to combat cybercrime?

Threats to online privacy and security come in various forms, as Dr Kieron O’Hara, Associate Professor and Principal Research Fellow in Electronics and Computer Science, explains. “At a national level, there are threats from states and terror groups, who might be involved in espionage or seeking to attack important critical infrastructure. We’re under surveillance by our own intelligence services in an attempt to fight such threats. Then there are cybercriminals who are after something they can monetise, such as personal data.”

Getting personal

Personal data was the target of the attacks on TalkTalk and toy retailer VTech, which hit the headlines recently. As well as causing concern for countless customers, such breaches place a huge financial burden on organisations – estimates put the cost of the TalkTalk hack at around £35m. And it’s not only big businesses that are vulnerable. A recent government-commissioned survey showed a rise in attacks by unauthorised outsiders on organisations of all sizes, with 69 per cent of large and 38 per cent of small businesses affected in 2014/15.

“All companies that trade online collect data, and there are legal requirements that should be in place to protect sensitive personal data, such as bank details, billing addresses and dates of birth,” says Kieron, whose own research focuses on issues relating to online trust, privacy and security.

An organisation that deals with sensitive data all the time, such as a financial company, will have security uppermost in its corporate mind because its business model relies on trust. However, other types of companies may see it as more of a bolt-on. When the TalkTalk breach happened, the chief executive had no idea whether the data was encrypted or not. It turns out it was not encrypted, but what’s more shocking is that she didn’t know.

“Passwords and encryption make life harder – that’s true for individuals as well as companies. But it’s very important that those measures are in place; at the moment they’re not always built into standard data management practices.” Kieron adds.

Profiting from stolen data

So how do hackers gain from exploiting these vulnerabilities? “On the dark web (a hidden, anonymised area of the internet) there are eBay-style sites where stolen data is traded,” says Kieron. The data can be used to target people’s bank accounts and credit cards, or to tailor email scams. But data breaches aren’t the only threat to businesses. Other tactics include denial of service (DDoS) attacks, which involve bombarding a company website with millions of emails, causing it to crash, and then holding the company to ransom. “Another relatively recent type of attack is to encrypt someone’s hard disc and demand a payment in return for the encryption key,” Kieron adds. “This is happening increasingly to individuals as well as businesses, and is enabled by the availability of anonymised ways of paying such as bitcoin.”

As individuals, the types of cybercrime we’re most likely to encounter are phishing (attempts to capture passwords and bank details via bogus emails or websites) or being infected with malicious software, known as malware. “Criminals may do this so that they can use your computer to send out more spam or launch a DDoS attack. Or they might just observe your online behaviour to find out where you shop, where you bank and so on, so that they can create a targeted phishing attack that is more likely to be successful.”

A hub of expertise

As internet criminals become more prolific and more sophisticated in their methods, new ways to counter them are urgently needed. With the launch of a new Cyber Security Academy, the University is part of the drive to help the government, businesses and consumers become more resilient to cyberattack.

The Academy will work in partnership with government and industry to investigate real-world problems; its current core partners are the Defence Science and Technology Laboratory (Dstl), Northrop Grumman and Roke Manor Research. The aim is to attract further partners from a range of industries to create a ‘technopole’ – a regional hub that will bring additional expertise and investment into the area while conducting globally relevant research.

Ged Powell, Business Manager, is responsible for handling all the non-academic aspects of the new Academy, including business planning and partnership management. “We will focus on current and anticipated challenges and devise research programmes to tackle them,” he explains. “We’ll also offer training to boost industry capability, as well as running a four-year cybersecurity masters course. There is a massive shortfall of trained professionals coming through to address cybersecurity issues, so this will help to generate a pipeline of highly trained experts.”

The Academy builds on the University’s exemplary reputation in this field. “In 2012 the University was awarded ‘Centre of Excellence’ status by the British intelligence agency, GCHQ,” says Ged. “This recognises the high quality of our teaching and research in cybersecurity, which combines our expertise not only in computer science but subjects such as business, psychology and law. It’s a genuinely interdisciplinary area.”

Professor Vladimiro Sassone, the Academy’s Director, adds: “The Academy is a timely initiative and is fully aligned with the UK government’s National Security Strategy. There is a pressing demand for cybersecurity, and in the next 20 years cyber research will have the same kind of momentous social and economic impact as medical research had in the 20th century.”

Protect yourself online

· Use a firewall and invest in some reliable anti-virus software, and keep it updated.

· Make sure your password is robust – try to avoid recognisable words and use punctuation marks, numbers, upper and lower case letters.

· Approach your inbox with caution – phishing scams are becoming increasingly convincing.

· Don’t click on links in emails unless you’re confident of the source. If in doubt, type links into a browser and look for the locked padlock symbol in the address bar.

· Think about what you share on social media sites.

· Keep your computer’s software up to date.

· Back up your data, photos, downloads and documents regularly, just in case.

For more tips visit Get Safe Online

Have your say

The poll in this article is optional and anonymous. The polls are covered by Ethics 17326.