Irish businesses, Government departments and semi-state bodies are “sitting ducks” for new and more devastating cyber attacks than the one that crippled computers worldwide last month, a leading IT expert has warned.
Chief executive of Cork-based IT company Smarttech, Ronan Murphy said it was a matter of time before a similar incident such as the WannaCry ransomware attack, which targeted many thousands of Microsoft computers worldwide last month, happened again.
The former chair of the non-profit it@cork European Tech Cluster movement in Cork predicted a similar incident would bring computers down worldwide “in the next couple of weeks”. He said: “It is like when a tsunami hits and the water is sucked back out into the ocean. People standing on the beach thinking it’s over don’t see the danger until a bigger wave comes back to devastate the whole place. We are all currently standing on the beach, oblivious to what is about to happen.” WannaCry affected 230,000 computers globally, including the UK’s National Health Service and Spain’s Telefonica, while companies were hit by ransom demands. Files on infected computers were encrypted and a ransom was demanded to release the files back to the owner. The computers affected had Microsoft operating systems with protection not up to date, effectively leaving them as sitting ducks, Mr Murphy said.
He said an initial hack of the US National Security Agency (NSA) some months ago by the Shadow Brokers hacking group was akin to a cyber version of raiding a military base and stealing the weapons. The raiders were now releasing the sophisticated cyber-weaponry used by the NSA to spy on people and are also prepared to sell the secrets, he added. “They decided to release the first of many dumps on the Easter weekend and we all saw what happened. They have many more exploits to dump and they are going to do so this month. I believe it will happen within two weeks,” Mr Murphy said.
Updating Microsoft security systems - known as patching - was the only protection for computers, he said. Problems will arise, he added, because many older Windows operating systems are not compatible with the current patching. The patching - which happens when Windows installs updates on newer computers - is also time-consuming, he said. Windows offers automatic updates on many new computers but it may have be done manually on older versions. “Without a shadow of a doubt, Irish business and some Governmental and semi-state departments are vulnerable. Many are using obsolete systems and there will be attacks. WannaCry was only the tip of the iceberg. This is James Bond stuff because criminals can bring the world to its knees and they know it. The hits on high-profile organisations will go through the roof. It will get worse before the year is out, “ he said. A new report from PwC has found cyber risk is the top concern for Irish insurers, especially as the industry had access to sensitive information.
PwC said some Irish respondents reported “they are getting attacked daily with most attackers being amateur but some being scarily professional”.
PwC Ireland cyber leader Pat Moran said: “We expect more cyber-attacks and, as insurers, hold so much personal data and operate with legacy infrastructure, this is of concern.”
© Irish Examiner Ltd. All rights reserved