Special Report
A special report is content that is edited and produced by the special reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report but do not have editorial control.

Extensive reach of cybercriminals continues to grow

Areas of concern are national security, personal and sensitive information

Cybercrime is not like a house burglary. It can be months before it is realised   a cyberattack has been carried out.
Cybercrime is not like a house burglary. It can be months before it is realised a cyberattack has been carried out.

Breaches in cybersecurity aren’t just about computers. They might just determine the future of an entire nation, as anyone paying even the most tangential attention to the US presidential elections can attest. Hacked emails from the Democratic National Convention and, more recently Colin Powell, may yet alter voter behaviour.

But national security is just one of the areas of modern life at risk from cybercrime. “The areas of deep concern for data security are national security, personal and sensitive information – such as where your entire personal life can be on your phone – healthcare, banking and finance, and manufacturing,” says Jon Legorburu, head of litigation and dispute resolution at legal firm Byrne Wallace.

That’s a pretty extensive reach, with the risk carried by our own mobile phone the one we are perhaps least familiar with.

“People don’t really realise how much they have on their phones,” says Mark Gardiner, head of products and services at Three, a mobile phone network. “And that is only going to increase with the rise of mobile payments.”

READ MORE

Mobile device makers have responded by offering an array of enhanced security solutions, including such features as Find my iPhone. “What we at Three do as a company to reduce the risk to users is have a ‘walk out working’ feature that ensures customers have all their security settings up and running before they leave the store,” he said.

The internet economy is valued at $4.2 trillion (€3.74 trillion), according to Boston Consulting, and digital crime is estimated to be worth €400 billion annually.

Rise in ransomware

The latter is growing at a massive rate, fuelled by a rise in ransomware, says Karl McDermott who is head of ICT at Three Ireland. "It's the digital equivalent of the guys in The Sopranos going into a shop with baseball bats and closing it down."

Sectors most hit by ransomware include healthcare and, in Ireland, the legal profession. Earlier this year the Central Bank, warned all those coming under its aegis, including investment firms, funds, fund service providers and stock brokers, that cyberattacks present a significant threat.

A recent report from KPMG into cybercrime found that only 22 per cent of large companies were ready to cope with an incident. “The problem is that the sophistication of the cybercrime and the value of the attacks has gone up, but effective action has not kept pace to the same level,” says McDermott.

Criminals can now buy ‘crime as a service’ online, he says.

One of the biggest trends in computing in the past two years has been the migration to ‘cloud’ or internet-based applications, including security solutions. “Five years ago the security product tools people used were brought into a building. In the last 18 months these are increasingly cloud-based solutions,” says Chris Davey, master technology architect at Accenture.

Security challenges

At the same time we have seen the arrival of the ‘internet of things’ – digital devices that communicate with one another. Both are bringing all sorts of security challenges.

“Only recently in the US we saw an incident where someone hacked into a pacemaker. And we have to ask ourselves, what will a DDOS (distributed denial-of-service) attack look like in 2025, when three-quarters of cars are driving themselves? The internet of things is going to lead to a massive increase in the number of devices connected to each other. Yet we know that the more complex a system is, the more difficult it is to secure it.”

Sensors may present the weak link in terms of cybersecurity. “If, for example, you have a device that is measuring your heart beat and you are uploading that data to your insurer, who incentivises you do to so by offering cheaper insurance, what is to stop you faking that data?” he asks.

On the other hand, the rise of ‘big data’ and data analytics should, in theory, help to reduce risk.

“It’s about looking for anomalies. So, if I am working in a shop every day and sit at the check out, and one day I leave and go into the room where the safe is, is that something my employer should be interested in, given that so much fraud takes place by insiders?”

Banking sector

For the banking sector the risks are particularly acute. “Part of the problem facing a number of banks across the globe is that they haven’t invested as much as they should have in the infrastructure required to keep their data as secure as it should be,” says Colm McDonnell, head of risk advisory services at Deloitte.

“It is cheaper for them to store their data in the cloud, and the theory is that it is safer too. But that is not always the case. Yes it is cheaper and it is a managed service. But the downside is that they lose a little control in relation to their data protection. At the end of the day, where is the data sitting? There is a trust issue here.

“In the old days people knew what they valued was in the safe, in a room, in the bank. Now the question for organisations is whether you should go in the cloud? It’s like the buffalo, is it safer to stay in the herd for protection or to hide behind a tree, like in a Gary Larson cartoon?”

Organisations need to understand their assets, in this case their data. “It may be that they are happy to spend a tenner on keeping 99 per cent of their info safe, but spent a whole lot more really ensuring they have protected the most important 1 per cent. But that presumes they know what the really important stuff is,” says McDonnell.

They also have to understand when they have been breached. “Cybercrime is not like a house burglary. Invariably a cyber attack happens months before it is found out.” The $100 million heist from the central bank of Bangladesh, reported earlier this year, had taken place 15 months previously, he points out.

“In effect it’s like the burglars are hiding under the bed watching to see where you keep your watch and jewellery.”

Sandra O'Connell

Sandra O'Connell

Sandra O'Connell is a contributor to The Irish Times