Spoiler alert: If you’re not up-to-date with Line of Duty, be warned because we give away some of the show’s big twists
If you’re like us and have been gripped with Line of Duty fever over the past seven weeks, you will have been passing away the hours trawling forums, Facebook groups, and the internet, filling up on fan theories about the mysterious ‘Fourth Man’. Also, like us, you might have felt totally robbed by the revelation of it being a certain Ian Buckles.
Nevertheless, while we were digesting the greatest TV disappointment since the Game of Thrones finale, another thought popped into our heads. The series doesn’t just tell a story of AC-12 and police corruption, but it also draws parallels to what – for the purposes of this article – we’ve coined as OCS (Organisational Cyber Security).
So, take a seat in the glass box and wait for the long beep. There’s one thing and one thing only we’re interested in here, getting cyber secure!
As each series went on, Line of Duty baddies got their hooks deeper and deeper into the East Midlands Constabulary. Cyber criminals are looking to do the same in our organisations.
Like the police, charities hold information that is attractive to hackers. It’s not drugs, weapons or incriminating evidence, but we do store personal, sensitive, and financial data that can be sold, held ransom, or used to steal funds.
The show categorised its antagonists as the OCG (Organised Crime Group) and ’bent coppers’ and both share some interesting similarities to the cyber criminals of today.
The OCG had many different layers, but at its core it was an organisation hell bent on causing the most damage it possibly could while benefiting itself. The OCG took things by force, held people against their will, and punished those who stood in their way.
The OCG are comparable to malware and ransomware cyber criminals. Malware typically consists of code designed to cause extensive damage to your systems or gain unauthorised access to a network. Ransomware is a specific type of malware that threatens to publish your charity’s data or perpetually block access to it unless a ransom is paid.
The secret weapon of the OCG was PC Ryan Pilkington. Yes m’am, a wolf in sheep’s clothing, Pilkington was indoctrinated into the OCG at a young age and infiltrated the police throughout series six. On the surface he looked like a police officer, but behind the baby face and uniform was one of the most ruthless characters in the entire show.
PC Ryan Pilkington was Line of Duty’s version of a phishing criminal. Ryan continuously puppeteered criminal operations from inside the Murder Investigations Team, leaking information, manipulating records, and disrupting day-to-day tasks. Phishing criminals often pursue similar methods.
Phishing is a cyber crime in which charity employees are contacted by email, telephone, or SMS by someone posing as a legitimate institution. The individual will attempt to lure charity employees into providing sensitive data, such as personal information, banking and credit card details, and passwords.
Phishing makes up almost 80% of charity cyber attacks. As easy as it was for the police to be breached in Line of Duty, it’s the same for charities. Even here at Charity Digital, we were not immune to the attacks of phishing criminals, as disguises become harder to spot and their knowledge of your operations becomes more sophisticated. We suffered a phishing attack in January 2021 and shared our experience and our learnings in a recent webinar you can view here.
Viewers seem to have found bent coppers and the mysterious ‘H’ particularly appealing. The infamous Dot Cotton as ‘The Caddy’, the manipulation of Gill Biggeloe, the arrogance of ACC Derek Hilton, and the incompetence of DSI Ian Buckles kept us enthralled throughout the series.
These characters, as it was so elegantly put in the last season, “pass on the messages” between OCG and other police officers, as well as share relevant information and data on operations that will affect the criminal dealings of those pulling the strings. Essentially, they were spies, and cyber criminals can do the same to our organisations with spyware software.
Spyware software enables a user to obtain information about another’s computer activities by transmitting data covertly from their hard drive. It can affect any type of device.
Spyware usually finds its way into systems when a user accepts a prompt or pop-up without reading it first, downloads software from an unreliable source, opens email attachments from unknown senders, or pirate’s media such as movies, music, or games.
It is often hard to notice if you have spyware on your machine, but there are lots of tips, tricks, and software you can use to remove and prevent spyware attacks.
As internal infrastructure crumbled in Line of Duty, the OCG were able to carry out their criminal activities with more and more ease. Lockdown has had a similar effect on cyber security. Mix mass remote working with less focus on cyber security and an increase in cyber activity, and you’re left with a sector that has never been so vulnerable.
So, how do we protect ourselves from cyber threats? Unlike the show, not every charity has their own AC-12 and while it may not be possible to have the whole crew, each organisation can benefit from a Ted, Steve, Kate, or Chloe, among others.
CC Philip Osbourne, DCC Andrea Rise, and DCS Patricia Carmichael
Some of the most frustrating characters on Line of Duty were the officers in positions of power that didn’t put the time and effort into eradicating ‘bent coppers’.
They didn’t want to believe that there was a problem and viewed the search for bent coppers as a hindrance to general police work. This sentiment is shared throughout the charity sector when it comes to cyber security. Most leadership teams know about it and know the risks, yet they don’t carry the belief that they will ever be affected.
The East Midlands Police hierarchy were also worried about how acknowledging police corruption would affect trust. A brush under the carpet tactic that would backfire.
As every officer served a Reg-15 notice has the right to be questioned by an officer at least one rank above, you as a charity leader have the right to protect your stakeholders. Failure to protect your charity from cyber criminals can lead to a breakdown of trust with staff, donors, and services users. In addition, it can lead to the loss of data, earnings, and even criminal proceedings that can seriously damage your organisation.
A great way to start is by doing the NCSC cyber essentials certificate.
Lindsay Denton, Jo Davidson, John Corbet, Tony Gates, Danny Waldron, Roz Huntley, and Maneet Bindra
Conversely, a lot of fan favourites were the morally ambiguous police officers that unintentionally found themselves on the wrong side of the law. Through poor decisions, bad experiences, or in some cases no fault of their own they found themselves committing or being coerced into committing acts against their character.
It’s the amazing staff that work for charities that serve on the front line of charity cyber security. One in five charities were targeted by online criminals in the last year, with 80% of charity breaches occurring from phishing.
Fraudsters specifically target charities because staff and volunteers often receive less online security training than employees in for-profit organisations. Simple training on how to spot phishing attacks can greatly reduce the likelihood of your organisation being victimised.
But cyber training is not a case of one and done. The landscape is continuously changing and cyber-aware leadership teams should be running regular sessions and sharing resources to keep cyber security front of mind throughout your organisation.
The NCSC, Home Office and organisations like ourselves are always releasing new content and training to help charities keep up to speed.
A lot like Lindsay Denton’s pursuit of Danny Waldron’s list, as a member of staff in any role of a charity, you can be the cyber security flag bearer for your organisation. It can be hard to get leadership to take cyber security seriously, but as Danny showed, it just takes one person to start a revolution.
Charity employees can help bring managers, CEOs, and boards to the table by telling them what they need to know. Educate them on cyber threats and how they can get help setting up cyber strategies through the likes of the NCSC.
Superintendant Ted Hastings
At the very least, every organisation should have a dedicated person or team responsible for leading the fight against cyber security. This could range from one person to an IT team, a Data Protection Officer, or a Chief Technology Officer.
Ted Hastings, The Gaffer, is the leader of AC-12 and is relentless in his pursuit of eradicating police corruption. Yes, he has issues, as we all do. But his commitment to the cause trickles down to his team. He provides them with training, support, and guidance which ultimately helps keep their goal front of mind, even when there’s lots of other moving parts.
Line of Duty tells us that organisational buy-in to cyber security needs strong leadership. Having a leadership team dedicated to keeping you, your charity, and your users secure means you’ll be “sucking diesel” when it comes to protecting yourself from cyber criminals.
It’s important to marry good leadership with the right tools. And it always helps to go into an operation with a solid and effective ARU.
DI Kate Fleming is your organisation’s threat intelligence software. In Line of Duty, the tenacious DI often works undercover and provides valuable information back to her team to help progress investigations and rumble the baddies. Like Kate’s importance to her team, having threat intelligence software can help monitor and even stop criminals before they start. The software monitors leaks of employee credentials such as passwords and emails online. It flags findings and allows you to make the necessary changes to stop the hackers before they have a chance to launch an attack. it is a sophisticated tool that matches the current sophistication of today’s cyber crime.
DI Steve Arnott has been the most dogged and durable of all the AC-12 officer since the very beginning. He has often been the unit’s first line of defence and leads the charge against most of the suspects. Love or hate his methods, every team needs a Steve, and every organisation needs Antivirus. Steve is to anti-corruption what antivirus is to charities, a firewall, anti-spam, smart scan, and more all rolled into one. Having all your employees and your devices fitted with anti-vrus software is the first line of protection against cyber criminals. A robust antivirus software can protect you from all types of Malware mentioned earlier – keeping out your Dots, your Hiltons, and even the most aggressive of OCG members. And it doesn’t have to cost as much as a full-time copper either, you can get our Avast subscriptions from £6 per user – “Cheers mate!”
DC Chloe Bishop and DC Georgia Trotman may have been supporting parts in the show, but they were integral to the investigations carried out by AC-12. They are overlooked but invaluable members of the fight against crime. In a charity’s cyber security setting these are your password managers, your VPN, your multi-factor authentications (MFAs), and your patch updates. Again, these aren’t particularly expensive tools, there are many free and low cost versions of password manager out there like Okta and Dashlane. Microsoft and Google both offer their own MFAs for emails and files. And most security software companies offer a patch management tool to support your antivirus. Like good AC-12 teammates, the more of these tools you can add to your arsenal, the better equipped you are to fend off potential criminals.
Who would have thought there would be any crossover between cyber security and Line of Duty? If you’re looking for cyber security resources, guides, tools, and training, head over to our Cyber Security Hub to check out more articles, webinars, podcasts and videos.