Establishing the UK’s national cyber crime capability was not in the imagination of the young Charlie McMurdie when she, aged 14 and too eager to wait, applied to join the police. “It just all seemed so exciting,” she says, “and I was an outdoorsy person, always active, so the police force seemed like the perfect place for me. And maybe I watched too much Z-Cars…”
In the end, she stayed on at school and completed her education, subsequently securing herself a Criminology and Policing Science degree after joining the Metropolitan Police in 1981. Charlie was embarking on a 32-year career in law enforcement that would take her up to the rank of Detective Superintendent with Scotland Yard and involve establishing the force’s first cyber crime unit in the fledgling days of data security.
Her involvement with cyber crime came along by chance. She was into her second decade of policing when an internal move placed her with the fraud squad. The team were increasingly being told by financial institutions about digital crimes, incidents that needed rapid responses to match the speed of the criminal activity and the size of the data and money that was going missing.
“This was around 2006, and cyber security wasn’t much talked about,” Charlie explains. “Fraud investigations can take a very long time, but it was clear that we had to be able to act fast with cyber crime. The longer these crimes go on, the more damage they cause. We had to build a fast-time intelligence sharing approach and get a whole range of different groups involved so that we could react quickly and catch the criminals.”
Charlie was, effectively, building a new unit and a new approach from scratch. “There was no roadmap – this was completely unchartered territory at the time,” she says. “I was an experienced police officer but I had no technical cyber expertise, so we recruited great detectives and partnered with industry to utilise the specialist skills and built a team. I loved the pace and tempo of it – and I loved the challenge of building a completely new multidisciplinary unit.”
She had the privilege of watching the unit grow from a dozen in the initial team to units across the country, ultimately forming the foundation of the UK’s national cyber crime response – now part of the National Crime Agency. The challenges grew as the unit did, with an exponential rise in the rate of crimes being reported and constant change in the method and approach, although Charlie points out that ransomware is one that has never gone away: “even in the early days that was a big thing.”
After years of tracking criminals in the physical world, Charlie was surprised at how “cyber criminals like to brag. Usually when we pick up criminals, they say nothing, but online the criminals are always sharing their ‘achievements’ and demonstrating their methods to their peers. This is why scams can take off so quickly. We need to emulate that agility in our response; sharing knowledge and capability to help speed the reaction.”
She retired from the Force in 2014 but has taken her new-found passion with her, applying her experience to new challenges and new technologies. She works as a consultant and public speaker, focusing on the ways in which law enforcement and industry can minimise the opportunities for criminals to exploit innovative technologies.
“How we are using new technology, the connections we establish and our dependency on it all present a real challenge today,” she explains. “For example, IoT devices made to perform a function, like a smart toaster or fridge, are often built without a thought for security, but they are being plugged into our networks (pardon the pun) and present vulnerabilities that can be exploited.”
While she believes all businesses have a responsibility to take cyber security seriously, there also needs to be “mainstream awareness of the risks. Every one of us has a responsibility to keep ourselves safe and secure online, and we should always be thinking twice about our activities.”
It is not all warnings and reminders, though. Charlie welcomes what she sees as a shift in security from being “simply standards and requirements” to “an opportunity to accelerate, secure more business, and bring different sectors together to deliver more innovative solutions.”
Her optimism and enthusiasm make her a lively conversationalist, but with decades of experience at the frontline of cyber crime, she knows it’s an never-ending battle: “It’s such a fun and rewarding process,” she says. “Every day there is a new challenge, a new opportunity, the chance to innovative and go after the bad guys! Who wouldn’t enjoy that?”