Data is the currency of the cyber world
Long cited a case whereby two young girls sent pictures of themselves to a man who then threatened to use the pictures online to shame the girls. This is a well-used technique to coerce minors in particular, into ever more sexualised behaviour. The two girls were each contemplating taking their own lives as the only way out of what they saw as a hopeless situation.
Fortunately, Long reported, they contacted Childline, where they received counselling and support to move beyond such thoughts, but also to provide evidence to prosecute the coercer.
Long said that online stalking of young people by young people is becoming an increasing problem that requires wider help.
How your child responds, she said, very much depends on how you have equipped them to deal with things.
“If we don’t take this seriously, we will regret it in coming years,” Grainia Long, ISPCC
This all is occurring to a backdrop of a 300% increase in sharing of images among young people, she said.
Long argued that a single, national approach to cybersafety online is needed, which needs to be set out in the strategy. This requires a genuine partnership between government and industry. The UK a good example in this area, said Long.
Ireland has not yet ratified the convention on cybercrime, said Long, and this is simply not acceptable.
“If we don’t take this seriously, we will regret it in coming years,” said Long.
Old ways, new ways
Other speakers at the summit highlighted that not only must new ways to tackle cybercrime be developed and deployed, but we must update our thinking in terms of existing devices too.
Gary Tierney of HP, highlighted the fact that in most businesses, the printer is now effectively a computer and needs to be treated as such.
The hackers have already realised that printers can be a pathway into enterprise networks and cited examples in the US of smart phone-equipped drones flown high up near skyscrapers to wirelessly connect to unprotected printers.
Printers must be on the security risk register, Tierney stated.
He said that HP had taken the experience of its security division and applied it to printers in the same context as protecting a server. The BIOS of the device is checked for changes, while a whitelisting system protects the firmware. Run-time intrusion detection protects the memory and a security manager monitors the network for unusual activity.
Protect, detect, recover, said Tierney. Each part of the strategy must be clearly defined and implemented, just as it would with a server or PC.
In a similar vein, Jason Steer of Menlo security highlighted that browsers using the now decades old Document Object Model (DOM), are inherently insecure and no longer fit or purpose. Steer showed that when loading some popular Irish web sites, browsers based on the DOM could make as many as 30 different background script calls, each one an opportunity for compromise.
John Dyer of Darktrace described how the company has developed a new approach to security based on machine learning and algorithms that goes beyond the scan and compare methods of signatures-based systems in the past. This approach allows the system to detect the ‘unknown unknown’, argued Dyer.
Based around a technique developed from the mathematical concept of recursive Bayesian estimation, the system learns ‘normal’ and detects emerging insider, unsignatured and external threats.
Machine learning and algorithms are used to create a model of normal behaviour for every single entity on an enterprise network, to be able to identify anomalies or malicious activity to isolate, contain and mitigate, said Dyer.
“The key here is the speed with which problems can be identified and dealt with,” he said.
Dwyer concluded the summit on a positive note. He said that Ireland has a unique opportunity in the current cyber environment. Representing his argument in the form of a formula, he said that Ireland, to the power of cyber, multiplied by the cloud, over big data, equals a huge opportunity to lead in cybersecurity and data protection, becoming a centre for best practice.