NUI Galway Leads New National Research Initiative on Digital Security

NUI Galway is taking the lead on a new national research initiative in digital security that will apply data analytics to cyber security and Artificial Intelligence (AI). The initiative will be led by the University’s Discipline of Information Technology, the Insight Centre for Data Analytics and other national research centres across Ireland.

Digital security has many dimensions, ranging from protecting the privacy of individuals and their data to protecting physical and societal structures from disruption, everything from pacemakers to power plants, to government agencies and electoral systems. As the world becomes increasingly interconnected and we continuously expand our digital presence, data management and data analytics are of fundamental importance to privacy and security.

A workshop will be held with industry in June to identify industry needs and how they can be addressed in the future. This new Irish initiative is timely in light of the recent malicious software program called WannaCry (also called WannaCrypt), a form of ransomware that has spread rapidly across the world. The program takes advantage of a weakness in some versions of Microsoft Windows to spread from one computer to another across a network.

When ransomware infects a computer, it blocks anybody from using the computer by encrypting (scrambling) all of the data on the computer. It then demands that payment of about €300 be transferred to an anonymous account, in order to get keys to decrypt your computer and get your data back. It threatens that it will delete files after a few days if payment is not made. While the people behind WannaCry are not known at this time, usually the perpetrators are organised criminals.

Commenting on the new national research initiative, Dr Michael Madden from the College of Engineering and Informatics at NUI Galway, said: “There is excellent research taking place across Ireland on cyber security at present, but it is somewhat dispersed and lacks visibility. Therefore, we are seeking to establish an all-Ireland, world leading collaboration, performing research on protecting our increasingly interconnected society and our citizens from digital threats.

Like all countries, Ireland faces significant digital security threats. More than half of Irish companies have reported a data breach in 2016. Cyber crime is estimated to have cost Irish companies €600 million in 2015, and this is projected to reach €1 billion by 2020. In addition, we have seen large-scale data breaches experienced by multinational organisations internationally, such as Yahoo and JP Morgan, even before the recent disruption caused by this new ransomware.”

There are opportunities for Ireland in developing a new research capability in digital security. For example, there are new industry clusters and in-company units in cyber security emerging in Ireland, and they have a growing demand for well-educated staff. State agencies recognise that there is potential for new foreign direct investment and indigenous employment growth.

By harnessing the synergies between academics, industry, state agencies, and international collaborators, Dr Madden and his colleagues aim to improve the country’s resilience to threats and contribute to the growth of this new employment sector.

Dr Madden acknowledged that there have been previous ransomware programs, but this one is notable in how fast it has spread through organisations in about 100 countries across the world. It has hit many high-profile organisations, such as the UK’s National Health Service and Telefonica in Spain. It is also notable because the weakness in Windows that it exploits is associated with software that was developed by the US National Security Agency, and leaked onto the internet a few months ago in a separate attack.

If attacked by ransomware, law enforcement agencies recommend that people do not pay the ransom. In some cases, the ransomers demand more money after receiving a payment, and in others, they fail to decrypt the data even after paying the ransom.

Dr Madden at NUI Galway, added: “If you have kept backups of your data, the best solution is to wipe your computer, re-install all of your programs, and then restore your data from backups. Your email will probably not be affected since it is held on remote servers separate from your PC. Your documents will be affected, so they are the most important to back up. Family photos can be a big loss, so you should back them up also, or use a cloud-based photo storage/sharing service.”

While the prospect of having all of your data held to ransom is a worrying one for people in homes and small businesses, there are a few pragmatic things people can do to help to protect themselves against attack by backing up data, keeping computers up to date, and be vigilant.

The initial infection often comes from opening well-crafted email attachments or infected code downloaded from a website, and there is a need to be very vigilant about such emails. If in doubt do not open it. It is likely more of these issues will crop up as the number of network-accessible devices in our homes increases. This particular attack exploits Windows PCs, but future attacks could easily exploit phones, tablets, and internet-enabled devices.

Steps to safeguard against attacks like ransomware:

• Make sure you have backups in place for your important data, and that they are running correctly – as mentioned above, the best response to a ransomware attack is to erase your computer, reinstall your programs, and restore your documents, photos, and other data from backups.
• Have Windows auto-updates turned on – there was an update from Microsoft about a month ago, to fix the specific weakness that was exploited by WannaCry, but new ransomware programs will make use of newly discovered exploits.
• Have Windows Firewall and Windows Defender active, and if you have your own anti-virus software, keep it running and up-to-date.
• Whenever you receive an email message with a link or attachment, take great care to ensure that it is legitimate and expected, before clicking on the link or opening the attachment.
  If in doubt, just don’t open links or attachments. Contact the sender to verify whether they really sent the message.