Hot on the heels of Safer Internet Day, a new Europe-wide survey conducted by Eurobarometer was released today. The survey asked people from across the EU various questions on how cybercrime has impacted their lives. The survey makes for interesting reading, in particular the data focusing on Ireland.
One of the problems in trying to gauge the impact of cybercrime here in Ireland is that we often are at the mercy of vendor reports. While these vendor reports do well to highlight certain issues, they inevitably are biased towards the services or products the vendor is promoting.
The other problem we have is that more independent reports on cybercrime tend to focus on the US, the EU, or the United Kingdom. So data pertinent to Ireland is often difficult to get.
So this report from Eurobarometer is a welcome change from the typical surveys we get. While it focuses on the consumer experience, it does highlight some areas of concern, in particular people’s habits of reusing passwords across systems and not installing anti-virus software on their devices. From a corporate point of view, those consumers are also employees within our organisations, so bad habits they develop in their personal lives may transfer over into their business lives.
One way to tackle that issue is to implement effective security awareness programs. At BH Consulting we can develop bespoke security awareness courses for your requirements and/or provide you with state of the art CBT training in the form of Securing the Human.
Some of the key figures that jumped out at me were:
57% of Irish people admit to opening emails from people they don’t know
Only 26% of Irish Internet users regularly change their passwords
75% of Irish people surveyed use the same password across different sites and online services.
9% of Irish Internet users have been the victims of identity theft
10% of Irish Internet users were the victims of bank card or other online banking fraud
7% were victims of Ransomware where they had to pay criminals in order to restore access to their own device
The annual IRISSCERT Cyber Crime conference is due to be held on November 23rd this year. As usual, the conference is an opportunity to learn about the latest threats in cyber crime and strategies to deal with those threats. IRISSCERT has had its call for papers open for the past few weeks and it is due to close at 17:30 GMT on Friday the 22nd of July.
If you have some thoughts, research or ideas that you would like to share in an open and trusted environment then you should submit your idea to the CFP form (MS Word Doc file) and send it to email@example.com.
Remember, cyber criminals are sharing their tactics, tools and other information on how to attack us. Isn’t it about time that we shared our ideas so we can better defend ourselves?
IRISSCERT (the Irish Reporting and Information Security Service) will be holding its annual conference on Cyber Crime in the D4 Berkley Hotel on November the 18th. The event looks to be very interesting, especially as attendance will be free.
This all day conference will focus on providing you with an overview of the current cyber threats facing businesses in Ireland and what you can do to help deal with those threats.
Experts on various aspects of cyber crime and cyber security will share their thoughts and experiences with you, such as representatives from;
In parallel to the above speaking sessions, Ireland’s premier Cyber Security Challenge, HackEire, will be held to identify Ireland’s top cyber security experts. HackEire will see 10 teams, up to a maximum of four people per team, compete against each other in a controlled environment to see which team will be the first to exploit weaknesses in a number of systems and declare victory. The purpose of the HackEire competition is to demonstrate how attackers could gain access to your systems and allow you to learn from the event how to prevent such attacks from impacting your network.
The conference will be open to anyone with the responsibility for securing their business information assets. There is no charge for those who wish to attend.
The IRISSCERT Annual Conference is an opportunity to not only increase your knowledge but also to meet and network with your peers in a relaxed environment.
If you are interested in attending please register at firstname.lastname@example.org
SiliconRepublic.com and RTE both report today that the Garda Bureau of Fraud Investigation is investigating a number of incidents where businesses in the west and midlands of Ireland have been targeted by online criminals. Apparently the criminals have accessed the computer systems of the affected businesses and encrypted important business information belonging to those businesses, thereby making it unavailable to them. The criminals are looking for a sum of $700 to provide the victims with the key to decrypt their information.
The Gardai have asked any businesses that have suffered this attack to make themselves known to the Gardai.
In the absence of details on how the criminals were able to gain access to the affected systems, I recommend the following steps to protect your company from falling victim to the attack:
Ensure you have a robust firewall installed on your network to protect it from unauthorised access from the Internet.
Ensure your anti-virus software is up to date and has the latest signatures.
Make sure all your software has the latest security patches installed.
Educate your users so they do not fall for online social engineering scams and they do not open attachments or click on links in emails that they are not expecting.
Check your critical security logs for any suspicious behaviour.
Ensure users have access only to the data that they absolutely need.
Make regular backups of your software and data. In the event you fall victim to the attack you can recover your information from a recent backup.
Regularly test your backups to make sure that they are working and that you can restore from them.
In life, timing is everything and events often seem to conspire with each other. A few days after my post on Ireland not having a cyber security strategy, the Department of Communications have issued a Request For Tender for the development of a national cyber security strategy.
Let’s hope that whoever wins that contract develops a strategy based on the unique needs and environment that exist here in Ireland.
CastleCops, the volunteer website set up to help fight against internet fraud and scams, has sadly closed its doors. Despite being the target of many DDoS attacks, CastleCops managed to keep up and running and be a thorn in the side of cyber criminals. However, it looks like the volunteer group has finally had to close the site down. When you arrive at the home page of the CastleCops site you get this message:
You have arrived at the CastleCops website, which is currently offline. It has been our pleasure to investigate online crime and volunteer with our virtual family to assist with your computer needs and make the Internet a safer place. Unfortunately, all things come to an end. Keep up the good fight folks, for the spirit of this community lies within each of us. We are empowered to improve the safety and security of the Internet in our own way. Let us feel blessed for the impact we made and the relationships created.
With respect to the server marathon, by March 17 2009 CastleCops will refund contributions made through PayPal that were specifically designated for servers. Unfortunately, server donations made via check cannot be returned because we do not have the addresses for the donating entity. Unless instructed otherwise, CastleCops will re-allocate these funds as a donation to the Internet Systems Consortium (ISC.org). This organization sponsored our hosting environment for approximately the past 2 years. Please contact us [cc at laudanski dot com] before March 17, 2009, if you would like a return of your server marathon donation. Otherwise, we would like to thank the ISC for their unfettered support.
We thank everyone in creating our unique footprint and memories in time.
Love, Best Wishes and Happy Holidays, CastleCops
PST 23 Dec 2008
This is a great loss to the greater Internet community. If any of the volunteers happen to come by this blog, I would like to say thank you for your efforts, and hopefully your talents, experience and skills are still being used to tackle cyber crime.
What is interesting is that 1 in 4 organisations surveyed admitted to having experienced an external intrusion into their systems, while 30% stated they experienced denial-of-service (DoS) attacks.
One figure that struck me was that despite a high number of organisations reporting internal security breaches, only 14% of those surveyed were concerned about employees accessing data they should not, and only 8% rated internal intrusions in their top three security concerns.
Organisations need to wake up to the fact that one of the biggest threats to their security is their own staff. If we look at the recent spate of reported data losses here in Ireland, the vast majority resulted from lost laptops or mobile devices.
So when it comes to securing your systems and your information, remember those that you trust the most are the ones that can hurt you the most.
Apparently the EU is proposing an Internet crime hotline so people can report online crimes to Europol. The Irish Justice Minister, Dermot Ahern, supports the move. While I support any moves to make the lives of cyber criminals more difficult, I do find it frustrating that our own government does not see fit to set up a CERT to provide for users of the Irish Internet space.
The Estonian Government has released a strategy paper on enhancing cyber security. This is an interesting read as we can all learn from the lessons of the cyber attacks against Estonia last year. The report makes for interesting reading and yet it is still sad to see that governments and many organisations only take computer security seriously after they have suffered a major attack.
Do you think this paper would have seen the light of day had Estonia not been a victim of a major Distributed Denial of Service attack last year? I also wonder how many government officials here in Ireland are working on a similar paper to defend the Irish Internet space?
Eleven people have been charged in connection with a major hacking ring that allegedly compromised over 40 million credit card records at TJX Corporation, which also runs the TK Maxx stores here in Ireland. Three Americans are amongst those arrested, with two other individuals held in Turkey and Germany. The remaining six people are still at large: two are from the People’s Republic of China, two from the Ukraine, one from Belarus and one other whose true identity is not known.
The above demonstrates the international nature of cyber crime with people involved from around the globe. This makes the fight against online criminals even more difficult as law enforcement have to deal with inter-jurisdictional issues. Given this we should congratulate the various law enforcement agencies who made this possible.