Ireland’s National Police and Security Service offered a law enforcement perspective on cybercrime trends and how to collaboratively combat these threats during the IRISSCON 2022 conference.
DI Gerard Doyle, from the agency’s National Cyber Crime Bureau, outlined a recent expansion in the ability of Ireland’s law enforcement to investigate cybercrime. This includes the creation of four satellite hubs throughout the country to monitor cyber activities and gather evidence, with two further pending. He also highlighted the Bureau’s role in providing support to victims, gathering forensic evidence to bring perpetrators to justice and educating stakeholders to try to prevent crime.
Cybercrime is a matter of perception, Doyle argued: too often we focus only on what we can stop, when we need to think about what more we can do to tackle threats more effectively.
While the Bureau is primarily focused on cybercrime, such as ransomware and data breaches, it assists other police agencies in securing evidence for “cyber-enabled crimes.” These are essentially regular crimes that involve a cyber element. The vast majority, about 60% of the organization’s forensic activity, relates to child sexual abuse material.
Doyle noted that nowadays, all organized crime, such as drugs and extortion, includes a cyber element, “which is the huge change that we’re seeing in the organization.”
He highlighted ransomware and phishing attacks as the biggest cybercrimes dealt with by law enforcement. “Any organization or person who has to engage with an individual or organization is open to attack,” he commented.
“Very often, the weaknesses lie in people and not in systems,” Doyle added. While it is possible to be aware of weaknesses in systems and address those issues, if people don’t follow the correct protocols, there is very little that can be done.
To counter the dangers posed by human error, Doyle outlined five steps organizations should take:
- Safe: restrict public-facing information
- Multi: implement multiple layers of authentication
- Accept: don’t accept unsolicited emails and attachments
- Reliable: update software/systems
- Tell: report cyber-issues to relevant people internally and externally
Doyle ended the presentation by giving two key takeaways for organizations. The first of these is to not pay ransomware demands. While he acknowledged “this can result in huge economic implications” for affected organizations, Doyle outlined statistics showing that there is no guarantee that the data will be returned, or that it will not be leaked, following payment. Bureau figures show that just 8% of firms that paid a ransom got 100% of their data back, while 25% got less than half.
Additionally, paying provides an incentive for cyber-criminals to keep conducting these attacks, which ultimately puts everybody at greater risk.
Doyle’s other key message was the importance of organizations reporting cyber-incidents. While the police will not be able to bring every perpetrator to justice, at the very minimum this information can increase their knowledge of the threat landscape and enable them to prepare for similar incidents. “Increasingly, police work has become about crime analysis,” he noted.
Concluding, Doyle added that “for the bigger picture work, we need organizations to come on board and engage with us.”