Wake-up call when cybercrime gets closer to home
With many thousands of customers of Supervalu, Centra and Daybreak shops having been warned to check their upcoming credit and debit card statements as a precautionary measure after an attempted cyber attack on the stores, it offered a salutary lesson that this global spectre has now arrived at the heart of middle Ireland.
The ubiquitous man in the street and his granny shopping for her cat food were reminded in no uncertain terms that this ever- growing global criminality has now stretched right down into the handbag doing the weekly shop. While parent company Musgrave said there was “no evidence any data has been stolen”, it nevertheless advised shoppers “to review activity on their statements as a precautionary measure”.
Projected to reach €2 trillion by 2019, cybercrime is a fact of life for everyone now — and gaining momentum by the week. Incidents of ransomware, where files are encrypted by criminals until money is paid to re-access the data, have increased by 300% since 2015 and set to rise four-fold over the next three years. The 2017 Global Fraud & Cybercrime Forecast by RSA Security, part of Dell-EMC, cited the growing reach of mobile commerce as an entry point for online fraud: “Mobile is literally eating the world, and has become the dominant channel for instant communication and the expressway for banking and commerce worldwide. As organisations use mobile to transform the way they interact with customers, cyber criminals have also taken note — as evidenced by the rise in fraud attempts originating in the mobile channel.”
A cyber security awarenesss survey by Magnet Networks this year among 205 Irish companies found 48% of all businesses have no cyber-security policy in place, with a further 27% acknowledging either their security needs tightening or they are completely unsecure. The survey also found 26% of businesses had suffered from cyber attacks in the past two years, with a further 18% unsure if they have been affected. “We found only 13% of respondents think their business is very secure — and in the absolute world of cyber attacks you are either totally secure or you are vulnerable in some way,” said cyber security expert James Canty of Magnet Networks. The issues are magnified in small businesses having fewer than 10 employees, with 68% having no policy in place.
Based on CSO numbers, this indicates that 171,000 of 248,000 registered businesses have no-one specifically looking out for network security. “The proliferation of new types of malware means traditional anti-virus solutions are no longer as effective as they were in the past,” Mr Canty concludes. “They are constantly playing catch up, leaving computer networks vulnerable to attack.”
A keynote speaker at the upcoming conference on cyber security at Dublin’s RDS, Joseph Carson, from Thycotic says the traditional security barrier protecting most organisations is now ineffective. “For many years organisations protected their valuable and sensitive information by building a fence around those assets using endpoint protection and firewalls, and all the data that flowed in and out was either via a single internet access point or on physical devices,” he says.
“However, in the past 10 years we have seen the physical boundaries of an organisation almost completely disappear as a result of mobility and connectivity, with almost every person in an organisation becoming an internet access point.
“At an average transfer speed of 50MB per second, an individual can transfer almost 600GB of data out of an organisation within a day via a connection that is not being monitored or secured. With advancements like these, we can see why both antivirus and firewalls are no longer an effective, relevant security control.”
With the ability to simply connect their mobile devices together and enable a personal hotspot, the task of controlling the cyber perimeter has become far more difficult. A sobering thought.
