The cyber-crime attack on the HSE and the attempted attack on the Department of Health this week have brought home to all of us the fragility of web security.
Criminals believed to be well-versed in such attacks are suspected of being behind the ransom demand sent to the HSE.
The international crime gang, being variously called ‘Conti’ and ‘Wizard Spider’, infiltrated the HSE’s data system, and have demanded a reported €20m or so in order to release it.
The HSE has estimated that the cost of retrieving the information will run to tens of millions, but still believes, at time of going to press in any case, that retrieval is preferable to paying international criminals to provide the ‘keys’ to the withheld information.
We have been warned for several years now that such attacks were inevitable. These criminals are becoming more and more experienced and sophisticated, and it seems that designing systems that are beyond their reach is becoming increasingly difficult.
What’s more, many governments and companies are finding that it is much more expedient, and even frugal, to pay off these underground operators, rather than spend weeks and millions of euro trying to retrieve the data by in-house methods.
While this strategy is understandable, it will just serve to propagate the practice and make sure that, in these instances, crime most definitely pays.
There is also a train of thought that paying a ransom would only serve to fund these criminal gangs, and enable them to become even more sophisticated and powerful.
As these cyber criminals have cleverly deduced, public service IT systems are an easy target. In many countries, updating computer equipment is not top of the list of priorities for public services, where maintaining the services provided is seen as the most important aspect of the work.
Such attacks, if they become more commonplace, are going to mean that governments will need to readjust their priorities when it comes to budgeting for the public service.
Computer systems can no longer be seen as an afterthought for investment – and providing security for them will become as important as providing the services they are linked into.
Many experts have come out this week to warn that anyone with a knowledge of the HSE’s computer systems would have seen this coming.
But you would not need a college education to spot that if our relatively small banks cannot even get a handle on computer-generated fraud, how can we expect our massive government departments, or a body like the 100,000-staff-strong HSE, to have any chance against expert cyber criminals?