Cyber criminals ‘don’t take a holiday’ over Christmas, Minister warns

Businesses, other organisations must take precautions, says Ossian Smyth

Cyber criminal "bad guys" intensify their work over Christmas and "don't take a holiday", Minister of State for eGovernment Ossian Smyth has warned,

He made the remarks as he urged businesses and other organisations to take precautions before they close for the Christmas break.

The health service was hit by a massive cyberattack earlier this year which caused chaos in hospitals, delayed patient care and and led to expected costs of almost €100 million.

The Coombe Hospital suffered a ransomware attack last week though patient services are said to be continuing as normal.

Green Party minister Mr Smyth said hackers increase their activity at this time of the year “so it’s a time when your liable to get attacked”.

He also said that the National Cyber Security Centre (NCSC) also intensifies its work.

But he said: “If you’re running a computer system or critical infrastructure or a big company you have to make sure you take all the right precautions before you lock up”.

He added: “the bad guys don’t take a holiday for Christmas”.

Earlier this month the NCSC warned organisations about a new vulnerability in java code, which poses a “serious risk to the security and integrity of data”.

It urged anyone who has been a victim of cyber crime to report it to the Gardaí.

More than 2,500 cyber incidents were reported to the NCSC between January and the start of November this year.

Funding was provided in the Budget to double the NCSC’s staff from 20 to 45.

Mr Smyth said it is to get a new headquarters but in the interim is located at a facility in Dublin that is “completely up to spec”.

He said that while there was previously difficulty in getting funding “all those problems melted away after the cyberattack on the HSE and people were willing to do what it takes.”

Mr Smyth said interviews are being carried out for a new NCSC director and a successful candidate is expected to be appointed early in the new year.

A person was selected for the role in early 2021 but they ultimately declined the offer. The Government approved an increased €184,000 salary for the job in July.

Mr Smyth said the organisation does have an acting director in place – Richard Browne – who was involved in the original establishment of the NCSC and has been seconded from the National Security Analysis Centre in the Department of the Taoiseach.

He said that sometimes organisations contact the NCSC quite late when they have been hit by a suspected cyber attack and that this needs to be done as quickly as possible.

“It’s like calling the fire brigade when there’s a fire in your building.

“It’s a good thing to do and they’re not going to hold it against you for doing it,” he said.