‘Whatever you are spending on cyber security is not enough’
Irish people need to be more guarded in their social media activities, and businesses are not investing enough in their IT security, one of the Garda’s top cyber crime detectives has warned.
“Whatever you are spending on cybersecurity is not enough,” Detective Superintendent Michael Gubbins of the Garda Cyber Crime Bureau told a conference on cyber fraud in University College Cork yesterday.
The conference, Hacking the Human: Cyber Fraud in a Digital Age, heard that cyber fraud is under-reported at both corporate and individual level, and that businesses suffered ransomware attacks such as the NotPetya virus which locks a user’s computer until a ransom is paid to the hackers responsible.
Det Supt Gubbins said few such attacks are reported to the Garda Cyber Crime Bureau.
“Someone came to me after a similar talk to this and said: ‘Actually, I know a couple of companies, they were victims of NotPetya, it’s not widely known, it cost them a lot of money and they are still trying to mediate,’ ” said Det Supt Gubbins after the event.
He said the issue is underreported globally, and that his appearance at such conferences is to spread the word that the gardaí have dedicated resources to investigate such crimes.
“We are there for people to report to us,” said Det Supt Gubbins. “People don’t report to us, we can’t investigate, therefore we can’t know or make people aware of what’s actually happening.
“We want people to report to us so we know what’s going on so we can build up our own experience.”
The public needs to be wary of “social engineering”, h e s a i d — a s i t u at i o n whereby criminals will look to use information posted on social media to pose as an individual to scam their contacts.
“It’s about being conscious of the information you are giving out, and to whom you give it,” said Det Supt Gubbins.
“If you look at someone’s LinkedIn account it tells you who they are, who they work with, and the people who are connected to them.”
Rosie Coffey, UCC’s IT security officer, told the conference of how fraudsters hit UCC’s suppliers with a purchase order scam last summer, wherein the criminals posed as the university to effectively steal highvalue goods from businesses.
“Hundreds, if not thousands, of retailers, vendors, and suppliers around Cork were receiving purchase orders purportedly from UCC,” said Ms Coffey.
“They would be for highvalue goods, the delivery address would be to a nonUCC address, typically a warehouse.”
Despite UCC alerting its suppliers and “firefighting” with gardaí to spread the word about the scam, Ms Coffey said some fell victim to the scam.
“But still some retailers in Cork did get caught out for this, and that’s how the criminals make their money,” she said.
Cybersecurity company SmartTech247 is to open a security operations centre in Cork on Monday. Chief executive Ronan Murphy said its customers face a “tsunami of attacks” on a daily basis.
He believes there’s a lack of readiness among the public.
“That’s clear by the headlines, if you look at them on a daily basis there’s a new breach every second day,” said Mr Murphy.
“We’re facing rogue states like North Korea which are posing a big challenge in terms of what they are doing with things like Wannacry [ransomware].”
Governments, Mr Murphy warned, are “playing catchup” when it comes to tackling cyber crime.
“The bad guys are innovating faster than the good guys, I think all governments globally have a big challenge,” he said.
Detective Superintendent Michael Gubbins.