The b Insight
The Corporate Living Room & Cybercrime Detective Sergeant Paul Johnstone, Garda National Cyber Crime Bureau Computers are an essential part of our everyday lives. They allowed us to stay in touch as we stayed at home, while many businesses were able to find new customer bases and stay open, albeit online. As we emerge from COVID restrictions, the emphasis on remote working is slowly changing but some companies, and employees, will continue to provide a home-work mix to sustain their activities and support their staff. Low Cost or High Cost
T H E B U S I N E S S O F I R I S H S M Es
Many employees remain out of the cyber secure office and in the remote online world where digital controls and behaviours are less regulated. Sitting behind a computer screen can provide a sense of false security but it can create new potential victims who were previously hidden behind firewalls or malware protections. Home networks are traditionally not as protected as work systems and more vulnerable to attack. Cyber security protocols are relaxed at home with employers and staff tending to take an ‘out of sight’ approach when not in the office environment. Providing secure Virtual Private Network (VPN) connections or official laptops are not the complete answer. Searches for online products such as tickets or movies are completed on work laptops and vulnerable memory sticks are used to transfer unencrypted data from personal to work computers. Webmail accounts with messages containing insecure links or unsolicited invites are opened on corporate laptops and ‘friend’ requests are accepted over social media Apps using the same phones provided for work. It’s worth it! Cybercrime is nothing new. Criminals have long recognised the benefit of attacking and exploiting computers as a source of funds and a secure means of communication. An expanded victim base now exists and emerging new technology is being matched by emerging new offences. Cyberdependant crimes such as computer hacking have increased by over 150% in the first nine months of 2021, while cyber-enabled crimes such as phishing attacks or invoice redirection frauds, have more than doubled. Each cyber-attack brings a cost to victims that is not just limited to the cost of ransom demands. The loss of customer confidence and the effect a successful cyber-attack can have on employees and managers alike, can be equally damaging.
26
To report or not to report? Underreporting continues to be a significant problem with a recent report suggesting that only one in ten employees would report a cyber-attack to their boss. Similar statistics that show only 40% of companies would report attacks to police suggest there is a corporate view these incidents should be kept under wraps. But in doing so, valuable information is lost as each attack is unique in terms of the company involved, the methods used and the vulnerability that has been exploited. Preserved system access logs and recovered malware files can help identify attackers as well as helping victims and law enforcement prepare for future attacks. Prepare vs Repair It is important that you put in place precautions such as: •
Ensuring remote and current backups of essential corporate networks are available for recovery when an attack takes place are essential.
•
Using updated VPNs and devices with current software and malware protections.
•
Educating staff about current cyber risks and the dangers of mixing work and personal data; or the risks from accessing insecure links and websites.
Plan for a cyber-attack to take place because it probably will and support the fight against cybercrime by reporting any attacks to your local Garda Station. Paul Johnstone is a Detective Sergeant with the Garda National Cyber Crime Bureau and is responsible for cyber forensics and investigations as well as being the Garda representative on the European Judicial Cybercrime Network (EJCN) in the Hague, the European Cyber Training & Education Group (ECTEG) and a trainer with both the Garda Fraud & eCrime Postgraduate Certificate at UCD and the Academy of European Law (ERA). To find out more visit the GNCCB here.
