Something 'phishy': Why Irish organisations are a plum target for hackers

Human link still weakest cyber defence as more organisations fall victim to socially-engineered cyber fraud and phishing attacks.

It has emerged that UCC had €110,000 stolen from it by hackers in 2015.

The revelation follows on the heels of a major cyber attack on Trinity College Dublin in April in which up to €1m was reportedly scammed by thieves.

The Sunday Independent reported that UCC is currently under sustained attack by fraudsters with at least three attempted frauds per week.

It reported that in 2015 online criminals successfully penetrated its security network, laundering €110,000 to an offshore account after gaining access to the accounts payable department.

The revelations show just how vulnerable Irish institutions are to scams by sophisticated fraudsters.

After WannaCry devastated systems around the world, it is understood that a number of Irish businesses fell victim to the Petya attack last month.

Ransomware attacks are on the rise and usually block organisations from their systems in return for a ransom. In the case of WannaCry and Petya, the hackers appeared to be more interested in simply destroying systems.

But other more elaborate schemes simply find ways to manipulate users into making mistakes.

The weakest link? You

What is worrying is how susceptible managers in organisations are to socially engineered attacks.

In the case of Trinity College and the theft of up to €1m from the Trinity Foundation, the money was allegedly siphoned off by thieves who sent emails asking college officials to change bank account details for payees.

The Foundation was alerted by its bank to suspicious activity in its accounts and some of the funds were recovered.

It isn’t just academic institutions that are prey to these sophisticated attacks.

In recent weeks Meath County Council confirmed that some €4.3m in funds that were the subject of cyber theft in October last year were safely returned to the Council’s bank account.

The money was frozen in a bank account in Hong Kong after Gardaí interrupted attempts to steal the money.

The council was the victim of what is known as “CEO fraud”, in which large sums of money are transferred by criminals on foot of a bogus instruction in the name of a company chief executive.

In the case of UCC, crime gangs successfully penetrated its network and laundered €110,000 to an offshore account.

It is understood that some €73,000 of the money was recovered by the university through its insurance policy.

The attack prompted the university to invest more than €100,000 in stronger firewall technology and software to identify fraudulent emails and malware.

The college still faces at least two to three attempted frauds per week.

The truth is that any organisation, big or small, can fall victim to sophisticated social engineering attacks that often begin with a phishing attack, whereby a user clicks on a link within an email or volunteers information.

No matter how much an organisation invests in its security, the weakest link will always be human.

The key is to educate and train staff in how to recognise suspicious emails and other communications and not fall victim.

The reason Irish organisations are a plum target for socially engineered cyber attacks is that they aren’t putting enough effort into training staff to be wary.

More needs to be done.

The price isn’t just financial, it is reputational.