These days, the most pressing threats in the cybersecurity sector are the loss of data and information leaks caused by organized criminals. Most of these attacks occur via popular extortion models such as ransomware or cryptojacking, both of which are easy, efficient ways to get results. Brian Honan, renowned consultant, expert in the cybersecurity industry, and advisor to several government agencies, is of the opinion that “criminal organizations adapt quickly to these models and change their attack tactics as soon as they see new possibilities to make money.”
Today we talk to the founder of the Irish Reporting and Information Security Service (IRISS), Ireland’s first CERT (Computer Emergency Response Team). He was also named SC magazine’s Information Security Person of the Year, and was inducted into the Infosecurity Europe Hall of Fame in 2016. Here’s what Brian Honan had to say:
How can companies avoid the risks related to cryptojacking?
In the case of cryptomining, there are two aspects to take into account. If the browsers on your computer or your mobile devices are affected by a malicious code injection that mines cryptocurrencies, it won’t necessarily affect you directly beyond your devices slowing down. However, at some point in the future, the attackers could use software executed on your device, via your browser, to manipulate you or to attack other people.
The other aspect to bear in mind is that criminals are never going to want to create their own websites, because it’s normally quite costly. They’ll seek out vulnerable websites, or ones that haven’t been updated, to inject malicious code and infect the people that visit them. This is something that could cause some serious reputational damage if it were to happen to a company. Internet security companies could also block your website if they see it as a threat: you lose possible clients, and your image is immediately damaged.
They’re not the most eye-catching solutions, but keeping operating systems updated and having good IT security software can eliminate most of the cybersecurity risks that you might come across. Your browsers also need to be patched and up-to-date, and we mustn’t forget endpoint security. As we work in a cloud environment, connected devices like printers also need to be protected at all times.
And what can they do in the case of ransomware?
The solutions are similar: patched and updated systems. But in this case, we need to add solutions such as restricting administrator access on company computers, because users shouldn’t have admin credentials for company devices. A central management system that controls all these protections makes the professionals’ jobs a lot easier. Other tools such as user access controls and application whitelisting reinforce the protection against these kinds of threats.
If it’s a Windows computer, security professionals can restrict access so that .exe files or executable files can’t be launched from temporary folders or from the downloads folder.
What has changed since the implementation of the GDPR?
At our consultancy, we’ve seen a significant increase in data breach reports. Before the 25th of May, we maybe had two or three leaks a month. Now we’re seeing two or three a day. It’s worth pointing out that these are data losses, not necessarily security violations: lost devices, invoices or files sent to the wrong people…
After the implementation of the GDPR, there’s also a greater awareness of corporate responsibility in terms of personal data and user rights. That is, it’s not that infringement is going up, but complaints are going up because companies notify and report what would have gone unnoticed before.
What was your job as adviser for Europol’s European Cybercrime Centre (EC3)?
My job consisted of giving them information from within the industry about threats and trends that we cybersecurity professionals see, detailing how our clients are affected and the different vulnerabilities that appear with new technologies, and promoting public initiatives like nomoreransom.org to unlock files encrypted by ransomware.
The EC3 bridges the gap between the police authorities of the EU member states. It has the capacity, for example, to investigate bitcoin wallets or IP addresses that the authorities provide after attacks, and find connections between them to uncover criminal organizations. EC3 allows us to have more resources to tackle cybercrime and facilitate cooperation between international agencies outside the EU, such as the FBI, or the Russian or Australian police. Criminals no longer respect borders, and, by promoting the exchange of intelligence and international cooperation, we are contributing to the global fight against cybercrime.