Raids on sensitive health data among looming threats, say experts

Zero Day Conference in Dublin hears about clear and present danger of cybercrime

Kurt Pipal, FBI (left) and Hank Thomas, Strategic Cyber Ventures, speaking on cybersecurity – how to respond to growing threats at ZeroDayCon in the Convention Centre, Dublin. Photograph: Dara Mac Dónaill
Kurt Pipal, FBI (left) and Hank Thomas, Strategic Cyber Ventures, speaking on cybersecurity – how to respond to growing threats at ZeroDayCon in the Convention Centre, Dublin. Photograph: Dara Mac Dónaill

Attacks on people’s healthcare data and on “big data” are going to among the greatest security threats in the coming years, a conference in Dublin has heard.

Industry experts from Ireland and worldwide gathered at the Convention Centre on Tuesday to share insights on current and future cybersecurity threats to governments and businesses.

Zero Day Conference heard that the sheer volume of data in circulation was one of the greatest challenges in dealing with cybercrime and that ransomware was also becoming more prevalent in Ireland.

Attacks on healthcare records will be among the main threats faced in the next few years, ZeroDayCon in Dublin heard.
Attacks on healthcare records will be among the main threats faced in the next few years, ZeroDayCon in Dublin heard.

Ransomware is where hackers infiltrate a company’s systems and either steal or lock down its data so it cannot be accessed until a ransom is paid by the target firm.

READ SOME MORE

The conference heard that new tools, such as IBM’s Watson artificial intelligence software, were in some cases now proving better at identifying security threats than human analysts.

Hank Thomas, of Strategic Cyber Ventures and formerly of the National Security Agency in the US, said ransomware targeting the healthcare industry was a "very scary thing", because healthcare data contained a lot of "blackmailable" information.

But he said hacking as a “facilitator of broader information warfare campaigns” would also be an issue in the future.

‘Litany’ of threats

Mr Thomas urged companies to have a team in place to deal with security incidents, including people to deal with law enforcement officials.

There was a “litany” of attack threats, including from nation states, he said. But much of the problem was about lack of investment in cybersecurity.

“If you want to raise the costs of doing business for your adversary, you want to make them never want to come back to your organisation, whether they get arrested or not,” he said.

Mr Thomas said the ultimate goal was to collect enough evidence to provide to law enforcement to “take these people off the streets”.

Alan Bambury, enterprise architect and chief information security officer at Kerry Group, said the biggest issue with cybercrime was the "lack of prosecutability".

Citing a personal experience of being targeted by scammers over the phone, he said: “I can’t report that crime. If somebody called to my door and tried to defraud me I could report it to the guards.”

Kurt Pipal of the Federal Bureau of Investigation's counterintelligence and cyber divisions, said he believed more threats would be aimed at big data and that "healthcare is going to be a big one".

But he said there would also be “non-traditional avenues of attack” on companies that had never previously been exposed and that had probably never invested in cybersecurity.

Asked during a panel discussion why governments did not do more to invest in policing for tackling cybercriminals, when “most of our physical world” was in cyberspace, Mr Pipal said there were places in the US to report cybercrimes.

Cyber-incidents from all over the world were reported to the Internet Crime Complaint Center, known as IC3.

As to why governments did not do more, he said that this would involve “privacy issues” and this was a matter for each government.