AN URGENT warning has been issued to Clare’s business community following a sharp spike in cyber attacks targeting small to medium enterprises.
Cyber security expert Edel Mee, who is based in Clarecastle, backed a recent appeal sent by the National Cyber Security Centre (NCSC) and the Garda National Cyber Crime Bureau (GNCCB) to the Small Firms Association (SFA).
Both the NCSC and GNCCB warned of “a trend of small and medium-sized businesses being increasingly targeted by ransomware groups”.
Ransomware attacks are just one of multiple types of cyber crime directed at businesses and other organisations.
They involve sending malware, mainly by email, which encrypts the user’s data. The cyber criminals then demand a ransom to unlock the system.
While high profile cases involving the Health Service Executive (HSE) and other large organisations have received significant media attention, Edel said they are happening regularly to smaller enterprises.
“IT security on a network is like your immune system,” she said.
“If you’re not building a strong immune system, you’re leaving yourself susceptible to all of these viruses that are going to come and potentially flatten you. It can take months to recover from a cyber attack.”
Edel, who is Managing Director of IT Security People (ITSP) and a specialist in security and digital forensics, said many firms are so busy with day-to-day concerns that they can overlook serious risks to their systems.
“People still don’t realise the threat that attack-based emails can pose to a business,” she said.
“This is where, just from a click, you can download something and you don’t even know what’s happening because you don’t see it.
“That software starts working away in the background. If the underlying system is vulnerable and hasn’t been updated and patched, it’s then potentially going to get locked. That’s basically what encryption is. It locks up all of your files so that you can’t access anything. You’re locked out of everything, which for a small business can be crippling.”
The cost of a ransomware attack includes loss of business, reputational damage and stress, even before the price of restoring and upgrading IT infrastructure is considered.
“There’s a lot of impact in this, outside of just losing access to your files,” Edel said. “A lot of businesses don’t even have basic cyber insurance tied onto their office policy. The costs then can be huge.
“If it’s a data breach, you have to notify the Data Protection Commissioner. You might also need legal advice and someone like us to come in and investigate.
“Your IT company is going to have to potentially come in and rebuild everything. You’re into tens of thousands of Euro very, very quickly.”
Edel, who has been working in IT for 25 years, did a Master’s degree in cyber security in 2011, “at a time when nobody was that interested in cybercrime”.
Her company supports others to upgrade and protect their systems, but they are often called in in the wake of a ransomware attack to investigate the source.
“If you just simply restore the system as quickly as possible and just keep doing what you were doing, you’re still at risk,” she said.
“If you do have cyber insurance, your insurer won’t pay until they know exactly what happened. The Data Protection Commissioner won’t fine you for being attacked.
“No network is impenetrable. What they’re looking for is that you had anticipated something like this and how prepared you were and what measures you were taking to protect the data.
“They also want to see how you managed the attack. It’s the pre- and post- measures that the law, the regulators and the insurance companies will be looking at.”
Advice on preventing ransomware attacks includes regular updating and patching of systems.
“That’s your booster, it’s like getting your vaccine,” Edel said. “You also need to make sure you have backups of your data.
“Make sure all users are aware of the risk of clicking on links in emails. Make sure that you always change default credentials. If you get a new system and log in is written on the back of the box, make sure to change that.”
After a ransomware attack, Edel’s advice is to take immediate action.
“First plug out the device you think was compromised, if you’re in the lucky position to know,” she said. “Then, it’s actually a crime scene. Ransomware is essentially electronic blackmail.
“Like every crime scene, there is evidence. The advice is to report to Gardaí.
“People are often tempted to pay the ransom, but the fact is if you do, you’re still at risk and there’s nothing to stop the attackers from coming back again.
“Cyber criminals are casting the net all the time to see what they can catch, that’s why attacks are often referred to as ‘phishing’.
“If they’re going after you – that’s called ‘spear phishing’ – there are very few places you can hide.
“The majority of attacks are opportunistic, but sectors like legal, accountancy and auctioneers are often targets because they have accounts with client money. Where there is money in the bank, you’ll be targeted.”
More information on ransomware and other cyber crime is available on Garda.ie.