Opening the 11th Irisscon conference in Dublin, Brian Honan, CEO of BH Consulting and head of the Irish Reporting and Information Security Service (IRISS), said that it is the same issues that continue to be a problem for businesses.
Focusing on statistics gathered by IRISS and from other Computer Emergency Readiness Teams (CERT) around the world which identify compromised systems in Ireland, Honan said that 43,000 incidents were detected from January 1 to today, and the majority of the incidents were DDoS attacks against websites hosted in Ireland.
Honan also said that 5,800 phishing sites, 624 outbound hacking incidents, and 30 websites hosting malicious scripts were detected in Ireland.
“We also see this across the industry,” Honan said. “Don’t worry about APTs or zero-days, worry about hijacked cloud-based attacks. If you rely on your users to protect you with passwords you run the risk of accounts being hijacked.”
This has led to an overall increase in business email compromise and CEO fraud. Honan said that one slide has been in every presentation for 11 years, featuring the root causes of:
- Poor passwords
- Missing patches
- Vulnerabilities – web platforms, out of date software
- Out of date anti-virus
- Lack of monitoring.
Looking forward to the future, Honan said that things will remain the same, with poor passwords and hijacked accounts being a cause of attacks, as “attackers are lazy and will take the easy way and if it works, use it over and over again.”
Saying that security issues are no longer just the worry of “us geeks in the IT department,” but also for “businesses, society and democracy too,” Honan also predicted more ransomware, including extortion where an attacker charges a victim not to put their data on the internet rather than for payment to get it back, and attacks on the supply chain, industrial control systems and the cloud.
He concluded by encouraging more information and threat sharing, saying that too many businesses and sectors do not share information, as a breach is seen “as a badge of shame, but it is a part of business” and how you deal with it and respond is how you will be judged.