Cybercrime training 'crucial' - Cork cybersecurity firm warns following ransom attack research

A CORK Cybersecurity firm warns training is ‘crucial’ from ‘receptionist to managing director’ following new report that shows that one-third of Irish SMEs have been the subject of ransom demands.

CEO of Smarttech247, Raluca Saceanu, told The Echo that most of these attacks originate from Russia, North Korea, and China.

New figures released by IT and cyber-security firm Typetec state that three-quarters of affected companies have paid out repeatedly, with the average payout costing €22,773.

Smartech247 advises SMEs on their cybersecurity policies, including some companies in the manufacturing sector which can’t afford any disruption. “Phishing is still quite common when it comes to these kinds of attacks,” said Ms Saceanu. “It’s changed from quite a few years ago when they would send out an email and someone would click on it and that would install malware on their computer.

“We have noticed recently, is that detection technologies have gotten really good, the ransomware operator will go in via a phishing email but they don’t do anything for a while.” The hackers use this time to “exfiltrate” or steal data from a company, to understand what technology the company uses, and even turn off some components. “They will try to move ‘laterally’, and after a week or two, launch an attack.” Of those that payout, 67% of companies still complain that their data was leaked anyway, and 71% of SMEs feel vulnerable to attack.

The hackers’ approach is now two-pronged. 

“It’s not enough for them to go in and encrypt, as they may not get the ransom payment. But if they steal a bit of intellectual property or sensitive personal identifiable data, they can use their double extortion techniques to get the money.” 

It’s crucial that SMEs in Cork provide awareness training on such techniques to all employees, from the receptionist right up to the managing director.

“My advice would be to test their systems,” adds Ms Saceanu. 

“Make sure that they conduct security audits, and see if a person was trying to get in, how far could they go?

“It’s important to back up their data, and encrypt their data as well. One thing that they go for is the backup – they want to make sure that you can’t recover your data.”