Police CyberAlarm tool launched to help businesses improve their security and cyber resilience
Main article content
The Home Office-funded service helps protect an organisation by passively monitoring internet traffic logs and reporting on suspected malicious activity.
The project has been welcomed by Merseyside Police’s Cyber Dependent Crime Unit. Detective Inspector John Black said “We know that nationally, the average cost of a cyber-attack to a small business is around £11,000 and there are many successful attacks every day in the UK. Cyber security should be a priority for every business no matter how big or small. This is a police-led project which businesses can trust. There is no catch to signing up, it is being offered for free and we want to get as many businesses as possible signed up to the growing network of Police CyberAlarm members.”
Initially introduced in June as a pilot in four regions across England and Wales, Police CyberAlarm has been given the go ahead to roll out to the remaining regions over the next two months.
Every business and organisation in the region can now get access to the free tool. It’s designed to help them understand and monitor the cyber threats they face by providing regular reports of suspected malicious activity, enabling a business to take steps to improve their cyber resilience.
Once a business or organisation becomes a Police CyberAlarm member, they will need to install the ‘CyberAlarm Virtual Server’ which will then collect and process traffic logs identifying suspicious activity from the firewall.
Police CyberAlarm does not see the content of any network traffic. Instead, it monitors metadata in the logs relating to the traffic to identify suspicious activity and is designed to protect personal data, trade secrets and intellectual property.
Detective Inspector Black added “Police CyberAlarm can benefit any organisation with a computer network including SMEs, public and private sector, charities, education and local government.
“The more members we have, the more data we get which will provide law enforcement with a much richer intelligence picture about the current and emerging threats businesses are facing.
“As a Police CyberAlarm member, organisations will benefit from regular reports detailing suspicious and potentially malicious attack activity on their firewall/internet gateway. It will show them how they are being attacked, and where from so they can improve their cyber resilience. It will also help law enforcement identify current threats and take enforcement action against cyber criminals”.
Businesses can sign up on the cyberalarm.police.uk website. They will then receive a unique code and when this is added to their website, it will provide access to full instructions and how to install Police CyberAlarm.
If any organisations require further information, they can find more details at:
They can also email the Cyber Protect Officers at Merseyside Police on: [email protected]
How does Police CyberAlarm work?
Police CyberAlarm Member Benefits
Member Organisations who join Police CyberAlarm receive regular reports detailing suspicious and potential malicious activity seen by their firewalls/internet gateways. These reports can then be used by members to further investigate issues, update security configurations and deliver training where needed.
Data from the Police CyberAlarm system is used to provide feeds detailing the latest threats discovered across the member network, giving all members the ability to update configurations and other security measures to include new IP addresses and other relevant information to better protect against future cyber threats.
Police CyberAlarm vulnerability Scanning can be used to scan an organisations website and external IP addresses for known vulnerabilities. These regular reports can increase an organisations cyber security and help protect from known suspicious activity vectors.
Increase Efficiency of Evidence Gathering
As Police CyberAlarm provides details to the Police automatically, evidence from internet-facing logs will be in police possession prior to an incident being reported. This can help both the police and victim(s) to progress investigations more quickly.
How Members Help the Police
Through regular reporting, Police CyberAlarm provides customisable views of Local, Regional and National cybercrime incidents and trends. This reporting allows police cybercrime units to adapt their support to meet the emerging threats as they evolve.
Police CyberAlarm also allows police to supplement the suspicious activity data, gathered by CyberAlarm, with Open Source Intelligence (OSINT) such as geolocation of malicious actors, to aid investigations and prosecutions of cyber criminals. This capability is also used to allow individual forces to identify local attacks on local victims which can then be dealt with more swiftly.
Staying Ahead of the Criminals
By using the data provided by Police CyberAlarm members, police are able to stay up to date with both the latest threats and potentially emerging threat actors. This will allow officers to be better informed when engaging with organisations and members of the public, offering more relevant guidance on how to protect from cyber threats.