Cyber security - a moving target

In our Zoom for Thought on June 9th, 2020, UCD Discovery Director Prof. Patricia Maguire spoke to Jacky Fox (pictured), Managing Director, Accenture Ireland Security, and Vice Chair Cyber Ireland, about “Cyber Risk: A Moving Target”. In case you missed it, here are our Top Takeaway Thoughts.

 

 

 

University Challenge

Everyone is vulnerable to cyber attacks but university students “in a lot of cases inherently aren’t as risk averse as a typical population”.  A balance must be struck between allowing them to “explore and utilise the infrastructure to do what they need to do as students versus actually securing it and stopping them doing certain things”. 

 

Assess your assets

When protecting against cyber attacks, think about what people might want to target and why. In the case of universities, would-be student hackers “might want to know what exam results they’re getting or to change their exam results”. Fox also advises universities to protect website home pages from being defaced by anyone who might have a grudge. “Everywhere is a target, you just need to work out your assets and protect those more than you might the periphery of things”. 

 

Covid-19 scams

Phishing scams have increased since the Covid-19 outbreak. Cyber criminals are sending emails with titles like “Cures for Covid” or “Covid Symptoms”. “They’ve got a lot of these social engineering techniques to try and draw people in psychologically and get them to click and download malware.”

 

Where hackers hide

Hackers are taking an interest in the companies racing to produce a vaccine or a cure and who may be signing big money deals in the near future. “Obviously there’s huge value in that so we’d see people trying to infiltrate networks to sit and wait. That’s probably also relevant from a college and university perspective.”

 

WFH cyber threat

When people worked in offices, servers and systems were secured by their employers. Home networks may be more vulnerable. “Cyber security workers are actually essential workers and we are looking at the insecurities and probabilities of the working-from-home perspective.”  

 

A game of cat and mouse 

Fox describes the dynamic between cyber criminals and cyber security workers as “a bit of a cat and mouse game. We are trying to squash their innovations, think about what they might try and do next and plan how we could either look for that or mitigate against it”.

 

Cyber security is interdisciplinary

Though mostly made up of technologists, cyber teams are becoming “more and more” interdisciplinary. HR, legal, marketing and communications experts are needed when companies have security breaches, which are typically caused by employee mistakes. “It’s also crucial for national security and citizen security that somebody is thinking from a policy perspective to protect those who can’t protect themselves and to protect our national infrastructure.” 

 

Avoiding personal attacks

Ignore unexpected emails saying you have a refund or an invoice. Use really strong passwords and do not reuse them across multiple sites. “If you’re signed up to many services some of them will get breached over time and if you’ve shared the password it is easier to get access to other accounts - and you’ve been captured, basically.”

 

Cyber safety at home

Make sure your wifi is password protected and not open. If you are adding fancy new IoT devices, put them on segregated pieces of the network rather than having everything together. “These devices tend not to have security as well built-in as traditional products so they can open up vulnerabilities. If somebody can get onto one device on your network in general they can travel to other devices.” 

 

PS Some light reading

Fox recommends Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers by Andy Greenberg. “It’s basically about the history of hacking on industrial control systems and critical infrastructure like power and water - about how this came about, which nations are involved, what the politics behind it are and why they started doing it.”