Government needs to take an active role in cybersecurity if it wants to develop technology sectors.
Speaking at the tenth Irisscon conference in Dublin, BH Consulting CEO Brian Honan said that as the Irish Computer Emergency Readiness Team (CERT) was established in 2008 at the same time as the economic downturn, the intention of the CERT and Irisscon was to “identify Ireland as a key player in technology.”
Highlighting the change in times from its beginnings, Honan mentioned that in the first year of the CERT it received 448 incident reports, while 10 years later that figure was more than 30,000. He said that this has come about because of “more notifications and coordination with other CERTs” and shows how much the cybercrime landscape has changed in Ireland, as cyber-criminals are targeting companies not matter where they are.
Despite claims of zero-day exploitation and advanced persistent threats, Honan said that the root cause of security problems are poor passwords, systems that have not been patched and a lack of monitoring. “Companies only find they are hosting malware, cryptomining software or phishing domains when the CERT contacts them,” he added. “It is not what hits the headlines, it is the bog standard boring stuff.”
Looking back at milestones in the first 10 years of the Irish CERT, Honan said that Ireland was one of the key players in the Stuxnet takedown “as two command and control centers were hosted in Ireland.” It was also part of the Conficker working group, the take down of DNSchanger and it has worked with TFC CERT and FIRST “so we are actively involved in trying to make the overall online environment much safer as well.”
Concluding, Honan said that the whole nation relies on the work of the CERT. He warned: “We need to take this more seriously and need a role in government to take responsibility of cybersecurity at a national level, and we need a Tsar to drive this.”
He praised the work of the Irish National Cyber Security Centre despite many people not knowing of its existence. “As a nation, we should be very proud of what we are doing to keep safe, but as an industry, we need to go to politicians and say we need to spend more time on it.”