• These bodies work closely to identify methods used by cyber-criminals; and to advise businesses and the public how to avoid falling victim to cyber-crime
  • An increase in ransomware attacks against businesses is evident, where payments are demanded
  • Phishing attacks continue to target the most vulnerable in our communities – to steal personal data and money

Minister of State at the Department of the Environment, Climate and Communications, Ossian Smyth TD; Minister for Justice, Helen McEntee TD and Assistant Garda Commissioner, Paul Cleary have today (Tuesday, 4th October) launched a joint public awareness campaign for October’s European Cyber Security Month. This year’s campaign focuses on the twin themes of phishing and ransomware, urging vigilance and outlining their potential impacts on the everyday lives of Irish citizens and businesses. The campaign is being jointly promoted by the National Cyber Security Centre (NCSC), and the Garda National Cyber Crime Bureau (GNCCB).

Over the course of Cyber Security Month, which runs throughout October, the NCSC will raise awareness on phishing and ransomware across online and traditional channels. This will take place alongside work by the GNCCB; both bodies are engaging with target audiences — for example the elderly and SME businesses — to highlight the risks involved and the steps that can be taken against both phishing and ransomware attacks.

Phishing emails, used by attackers to lure people into disclosing personal details or clicking on malicious links, are used by cyber-criminals to gain unauthorised access to a computer or network. Hackers continue to design smarter and more sophisticated phishing emails, in the hope of gaining people’s trust and pressuring them into acting without thinking.

Throughout October a key focus will be on informing the public, in particular the elderly, on how to avoid becoming a victim of email phishing, how to spot the tell-tale signs of these types of emails and what to do if a person has fallen victim to an e-mail phishing attack.

Commenting on the launch, Minister McEntee said:

I know I am not alone in being bothered by fake calls and text messages, and I share people’s frustrations at having to fend off these criminals and their often sophisticated scams. The simple truth is that the same technological advancements that have made our lives easier in so many ways also open us up to new forms of criminality. And, by its nature, those seeking to take advantage of today’s global connectivity often sit outside the easy reach of domestic law enforcement. That is why we need to do everything we can to help people and businesses protect themselves.

The ability of international criminal gangs to launch ransomware attempts against Irish entities from anywhere in the world reinforces the importance of having well-designed and resilient cybersecurity procedures and systems in place.

European Cyber Security Month is a valuable opportunity for us all to work together to raise awareness of the dangers of cybercrime and try and protect those most at risk. And the continued expansion of the Garda National Cyber Crime Bureau and the National Cyber Security Centre under this Government demonstrates our commitment to doing so.”

Assistant Commissioner Cleary, Organised & Serious Crime, commented: “We have seen an increase in ransomware attacks against businesses, where payments are demanded to regain access to critical data information systems. The impact of these types of crime can be significant where companies are no longer able to function and recovery costs are potentially severe.

At the same time, phishing attacks can target the most vulnerable in our communities — to steal their personal data and their money. The Garda National Cyber Crime Bureau and the National Cyber Security Centre work closely to identify the methods being used by cyber-criminals, so that we can advise companies and the public how to avoid being victims of cyber-crime and enable them to recover from a cyber-attack when it does occur.

Our collaboration for European Cyber Security Month is an important part of our cyber-security strategy and demonstrates the commitment of both agencies, and of Government, to make the online environment safer for businesses and the public.

Tactics of criminal ransomware groups

The second area of focus is ransomware. Focus will be on the stages of a ransomware attack chain, the impacts they have, and the important actions that can be taken in ‘breaking the chain’ and stopping an attack from occurring. Previously issued guidance will also be promoted, including a ‘Cyber Vitals’ checklist and ‘12 Steps to Cyber Security’ for businesses — to help to build and improve their cyber resilience (to defend against ransomware attacks).

The NCSC and GNCCB have seen a noticeable change in the tactics of criminal ransomware groups, whereby rather than largely focussing on Governments, critical infrastructure, and big business, they are increasingly targeting smaller businesses. Both agencies advise that ransom payments should not be made to criminal groups, highlighting that there is no guarantee that paying a ransom will lead to your data being successfully decrypted or prevent the data from being leaked online.

Speaking at the launch, Minister Smyth said:

As the National Cyber Security Centre and Garda National Cyber Crime Bureau have highlighted recently, there is an increasing and worrying trend globally of SMEs being targeted by ransomware groups, with Irish businesses being amongst those impacted. Organisations are facing a very real threat from cyber-criminals looking to disrupt these organisations from functioning properly – in return for a ransom.

We are also aware of the different forms of phishing out there. These can have a very damaging impact on citizens and businesses. European Cyber Security Month is a terrific way to raise awareness of these issues – amongst small and medium sized businesses and amongst all Irish citizens. This will ensure they have the necessary defences to protect themselves against these cyber-related threats.

The NCSC and GNCCB will also take part in a webinar on ransomware hosted by IBEC and the Small Firms Association during the second half of October. The webinar will involve panel discussions on key cyber-security challenges and what key steps businesses can take to defend against these types of online crimes. In addition, the Bureau will take part in a series of roadshows around the country organised by ISME to discuss cyber risks and awareness from the small and medium enterprise business sector. Full details of locations and dates are available on the www.isme.ie website. Similar support is being provided by Age Action and Age Friendly Ireland, who will use their networks to get the European Cyber Security Month 2022 cyber safety message out – to senior citizens and the wider community.

The NCSC will conduct several briefings for Operators of Essential Services (OES) and Government Departments to raise awareness of Cyber Security threats during October. The NCSC will also host the first session of the Cyber Irelands National Conference on Enhancing Resilience in an Uncertain World on 5th October.

Notes:

National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC) is the Government’s operational unit for network and information security and acts as a central contact point in the event of a Government or nationwide cyber-security incident affecting the State. It serves a constituency made up of organisations from the Irish Government and many of the Critical National Infrastructure providers from key sectors such as energy, transport and health. It engages in a comprehensive set of tasks around cyber-security, with a primary focus on securing Government networks and securing Critical National Infrastructure. It encompasses the State’s National/Governmental Computer Security Incident Response Team (CSIRT-IE).

The public can also contact the NCSC if they feel that they have experienced a cyber-security incident that may have a national impact. However, members of the public or businesses who are victims of cyber-crime, where they are affected individually, should report these incidents to the Gardaí.

Garda National Cyber Crime Bureau (GNCCB)

The Garda National Cyber Crime Bureau (GNCCB) has responsibility for investigating significant and complex cyber-crimes that target computer systems, whether they are company or privately owned. The Bureau is the primary liaison with international and European law enforcement cyber-crime centres and has established strong partnerships with academia and the technology sectors.

The GNCCB is responsible for the provision of a computer forensics service to all criminal investigations and works closely with the NCSC where the target of the attack is a Critical National Infrastructure provider to identify those responsible and the methods used in the cyber-attack.

Coupled with these primary roles, GNCCB provides cyber-prevention advice to the corporate and public sectors on online threats and safety. Any person or company who believes they are the victim of a cybercrime should report it to their local Garda station.

European Cyber Security Month

European Cyber Security Month (ECSM) is coordinated by the European Union Agency for Cybersecurity (ENISA) and takes place each year during the month of October. ENISA’s press release for European Cyber Security Month can be found at: https://www.enisa.europa.eu/news/european-cybersecurity-month-2022-ten-years-of-raising-cyber-awareness-throughout-europe] .

The campaign is supported across Europe by Member States, which organise numerous activities including conferences, workshops and webinars. They also disseminate appropriate awareness-raising material and good practices to promote cyber-security and cyber hygiene. During October, the NCSC and GNCCB will share content from ENISA on two themes – phishing and ransomware.


Help support Cork Safety Alerts by becoming a member – Click Here