Cybercrime: one expert says Ireland may be a soft target
Cyber security ‘needs to be addressed almost as a public health issue’, conference hears
Betsy Cooper: Company “directors are starting to ask questions [about cybercrime], in part because there have been lawsuits against certain boards for failing to take care.”
Ireland, its business and its citizens face a very real risk from hackers. Still, the biggest threat to our national security is not from shady cyber criminals – it is from not being prepared for such attacks.
That is the opinion of Betsy Cooper, currently the executive director of the the Center for Long-Term Cybersecurity in Berkeley, California. Cooper was previously at the cutting edge of international cyber security while working at the US department of homeland security.
“The real focus is to get people to realise that [cyber security] is an important issue and plug those holes so that no actor can get in,” Cooper said this week during a visit to Ireland, where she addressed a cyber security conference attended by representatives from the business sector, the legal profession and Government.
The conference highlighted the need for businesses to be aware of the risks posed by hackers and criminal gangs across the world.
“Hackers are getting more sophisticated, and that is enabling them to make more progress,” Cooper told The Irish Times. She cited the example of an increase in targeted attacks, where hackers send emails tailored to specific individuals, rather than spamming thousands of people with the same email in the hops that someone will click on a malicious link.
A recent PwC study found that the rate of cybercrime in Ireland has almost doubled since 2012 and is substantially higher than global averages. However even as the risk to Irish companies grows, a Deloitte report found that awareness of cyber security issues is higher among Irish executives than their European counterparts.
“Companies are realising that this is an important question for them,” she said. “Their directors are starting to ask questions, in part because there have been lawsuits against certain boards for failing to take care.”
While large financial institutions may appear on the surface to be the juiciest prizes for hackers, the reality is that these targets have systems and personnel in place that make them much harder to breach.
Smaller companies may feel safer because of their size and relatively low value of the assets. But Cooper says they are attractive to cyber criminals exactly because of their size: “There have been an increased proliferation of small companies being targeted because they may have systems which are not as sophisticated.”
A major misconception among companies and employees is that IT departments are responsible for protecting against hacking. The reality, however, is that even if you have the most secure system in place, the weakest link in the cyber security chain is typically human.
“Cyber security is such a central issue for every single employee of every single company because, in truth, the basis of so much attack at the moment is in human failing rather than technological failing,” said Richard Martin, a managing partner at law firm Ronan Daly Jermyn , which organised the conference.
The threat from hackers extends beyond business, however, and threatens the critical infrastructure of the entire country, including hospitals, airports and even the electrical grid. Ireland is a potential victim, Cooper said, simply because it may be seen as a soft target.
“Many of these folks would be playing the long game,” she said. “They would be looking to try and gather information about how critical infrastructure works. That would tell them more about Irish systems and could provide info into other systems.”
As threats grow, so does the need to educate people about the risks of cybercrime. This “needs to be addressed almost as a public health issue”, Martin stressed, with the input of the public sector, private sector and central government, working together.
However, Cooper points out that those making the laws and regulations around cyber security are not necessarily those with the most knowledge. “You have many people making decisions in this area who don’t even regularly use email themselves – or don’t even use computer systems.”