Cybersecurity Awareness Brief Q3 2021

• Recently HSE & the Department of Health were the targets of Ransomware Attacks.
• Several Internet Service Providers are experiencing DDOS attacks rendering services intermittent.
• HEAnet, the government education network, is also being targeted.
• Numerous reports of Small & Medium attacked with Ransomware, i.e., Muckross Hotel
• According to the National Cyber Security Centre, the level of Threat is at an all-time high.

• The HSE attack was sophisticated, but only due to the size and scale of the HSE, the methods in which the groups gained entry to the networks was not.
• We are appealing to all users to remain vigilant and follow the steps below.
• We will be engaging all owners, directors and managers to take appropriate technical and operational measures to protect the technology assets of the business.

• More Cybersecurity buzz talk from DEITG and the news over the coming weeks
• Increased enforcement of Cybersecurity Controls from DEITG
• Increased enforcement of Cybersecurity Controls from your Customer, Suppliers, Partners
• Interruption of some Internet & Web Services due to the ongoing Attacks
• A Cybersecurity Review from DEITG to improve the Resistance Strength of your IT
• A heightened sense of security from everyone.

The Cybersecurity Threat Landscape is fast-moving; with this in mind, we ask that you remain vigilant and alert while using devices, data, applications, and networks.

Depending on the type of breach or attack, do the following:

Threat Scenario: 

1. Disconnect your computer from the network – via network cable or power down the computer.
2. Inform your direct manager immediately
3. Have as much information as possible to provide to the IT Helpdesk such as your computer name, serial number, time of the event, what is the potential cause of the event, or how did it start
4. If an Application/Cloud Portal, i.e. Office 365, is compromised, have your Credentials to hand
5. If credentials such as a username or password are compromised. Think about whether those credentials are used elsewhere and change those passwords
6. If your email is compromised, do not send emails – contact the IT Service Desk via phone at 021 2429417
7. If you do receive weird, suspicious emails and want them checked out, attach them to a new email and send them to support@deitg.com

How the company handles Risk is essential. However, we may not see all Risk Scenarios, so we need help and direction from our users. As mentioned, the Cyber Threat landscape moves fast; if you see potential Risk, threats, gaps in security or possible scenarios that would result in loss of data, business downtime or Risk to employee privacy, please email support@deitg.com. This Risk will be added to the Risk Register and reviewed quarterly and when threat levels are high.

1. Phishing – You are sent an email you should not click on a link to change a password or login to an online portal
2. Malware – You are emailed a file you were not expecting, which contains malware that installs on your computer
3. Impersonation – You receive an email you were not expecting from another employee, Customer, supplier asking for a call to action – these emails can be identified as the email from address is different to your company domain
4. Malvertising This is a form of malicious code that distributes malware through online advertising—can be hidden within an advert, embedded on a website page, or bundled with software downloads.
5. Web Browser Threats: Web-based exploits Do not visit or attempt to visit potentially malicious sites or sites known for having possible malvertising or popups such as pornographic or gambling sites
6. If you are unsure or suspicious of any email or computer activity – contact the IT Service Desk via email at support@deitg.com