 Good morning everybody. I'm going to talk to you today about maybe focusing a bit more on Ireland and cyber security, cyber crime in Ireland. So our assert is a assert I set up in 2008. We're actually a voluntary body. So everybody involved in the assert are all volunteers. So we're various experts from the security community here. And we provide our services to the Irish business community for free. So if you go to our website, you can sign up and we create alerts. And what we do is kind of what Stephen and Olivia are talking about is we collaborate and we work with other search throughout Europe in response to instance, be they based here or be they based elsewhere. And we're closely tied in with the cert networks with TFC cert and First.org as well. So when we look at the world and look at the map, physically Ireland is a small little dust way up there on your left-hand side. We kind of look physically we're tucked away in the corner. We're nice and safe. But I think what we've seen today this week in particular is that while we may be physically surrounded by water, we're actually electronically and cyber and through different networks. We're connected worldwide and we can reach out to anybody in the world and anybody in the world can reach out back into us. And our economy is very dependent on the digital environment and infrastructure. Eight of the top 10 global ICT companies are based here in Ireland. Nine of the top 10 global pharma companies are based here in Ireland as well. Six of the top 10 global games companies are based in Ireland. I think if anything, we should be congratulating IDAR and the great work they're doing in getting these businesses here. 17 of the top 25 global medical device companies are based here in Ireland. 10 of the top 10 borne internet companies are here, so Facebook, Twitter, et cetera. They're all based here in Ireland as well. 50% of the world's leading financial services firms have a presence here in Ireland as well down the IFSC. And I think very importantly for us here in this room, 94% of Irish enterprises depend on the internet for business. So I think what those statistics show is that computers, internet, and networks are very crucial to how we do business today and how we maintain business as well. And I think these are just some of, you know, just highlight how important cybersecurity is. These are a number of organizations in the past 12 to 24 months that have had a cybersecurity breach in some way, shape, or form. I'm not going to go through all the different ones there, but you can see some very big, well-known names there. They've all reached the front page of the headlines, and I think, you know, this week is not going to go without talking about loyalty build, where they've had a security breach who has impacted hundreds and thousands and over a million people throughout Europe. So security is being very, is more and more critical to businesses. So we actually run our own cyber crime conference and we have it on next week, and what we do is each year we take all the statistics of all the instance that are reported to us. So these are instance that are reported to us. They come to us from other certs outside the jurisdiction. They come to us from private sector companies that are do a lot of work in this area to alert us that there are potential problems here in Ireland, and they come to us from companies here in Ireland who report to us for us to reach out to certs in other jurisdictions to help deal with cyber crime. So these are just instance reported to us. There's probably, I know there's a lot of people here from different companies working in security consulting and services, and they're all flat out busy. So, you know, there's a lot more going on than just what's been reported to us. But I just want to break down some of these instance because what tends to get the headlines is the major data security breaches. So the loyalty built instance is grabbing the headlines. But criminals are looking to break into people's networks not just to steal data. Data is very important to them, be that financial data which they can abuse and commit fraud, but intellectual property. So they're looking to break into companies' networks to steal intellectual property which they can sell to competitors. They're looking for personal information that they can sell on. Your online personal data, like I'll leave you talked about for $2, you can take down your competitor's website or the DDoS attack. Your online data is worth about $1 to $5 depending on how much information. So your email address, your name, your date of birth, all the information is sold online. A credit card that has fully a credit balance up to maybe $15,000 can typically get between $1 to $5 on the on the on the ground market. And it's a supply and demand. These on the ground markets, they're like the criminal equivalent of eBay and they rate each other, you know? Yes, Brian, he's a free trust where the criminal, he's a five-star, you can sell your credit cards to him, he's gonna give you money. Olivier don't trust him so much, he's only got two-star, he never delivers all the credit card data is not as valuable. But they're dealing with these things and Olivier did highlight, you don't need to be a technology guru to do this. All you need is a credit card. These services are out there. So criminals are using these things and for those DDoS attacks and those spam runs and some of the statistics that came up in Steve's presentation, those other type of attacks, they need the infrastructure to do it. Now criminals aren't going to go to a data center and hire and pay for a server. They're gonna break into your networks and use your network bandwidth, use your server bandwidth and use your PCs to control and operate things. So for example, they run botnets. So this is where they send out viruses and infect hundreds of thousands of computers, even millions of computers around the world and they now control that network. Your computer, if it's infected, you will not notice it because they don't want that to happen. They want to use your computer. And if they want to attack a website in a DDoS attack, they've got their $2 for somebody to attack another website, they would just send commands out to those hundreds of thousands of computers and all those hundreds of thousands of computers would take part in those attacks without the owner's knowledge. That's how botnets work. So not only do they want to break into steal your data, they want to break into use your infrastructure as well and to store their information. So this may be a highlight for the companies. And a lot of the companies we deal with and the instance we've dealt with will be typically in the SME sector. And that's an area that I think has a lot of challenges when it comes to cybersecurity because they don't have the resources or the skills in this area. The larger companies and larger organizations do have dedicated in-house teams so they can deal with this threat much, much, much better. So, as I said, we had 432 instances. So we had, of those instances, 74% of them were where criminals broke into websites here in Ireland to host their fishing sites, to attack financial institutions or other institutions elsewhere. So this is where they break into a website. They wouldn't alter the original website. It still operates and works the way it should be. But sitting in parallel to that website, they have their fake website up that maybe it could be attacking Citibank. It could be attacking a bank from Japan. It could be attacking PayPal. And they send out their emails to try and fish that information and they direct the people to those websites. So they're using the Irish websites to host fishing sites. So that's 75% of the instances we deal with have been in that area. 19% were where they broke into websites to host viruses. So when you go to visit that website, the website looks normal and operates normally. But if your machine is now updated with good antivirus software or hasn't got the latest security patches installed on your computer, it will automatically download this virus and infect your computer. And the criminals will then use that then to steal your personal data, your financial data, or as I said to everyone, to try and use it as part of a botnet to attack other companies as well. And then 7% were instances where there was DDoS attacks and various other attacks. But you can see a good proportion, well over 90%, were based on SMEs. Based on our NASA information is, and we only do this in NASA based on the motivation of why would you host a fishing site? Well, that's because you want to steal people's money. So therefore, 95% of those instances is organized crime behind it. So the Irish typical image we have of the cyber criminal of some teenage boy stuck in a basement, playing heavy metal music and eating pizza and scanning machines and just trying to break in, that's no longer there. This is organized crime, these are organized criminals who see the opportunity and the growth to be able to attack systems and steal money. So organized crime is very, very heavily involved in this area as well. And we just talked about ransomware. We actually, last year, we had an instance of where criminals would break into the network of a company. And what they would do is they alter the backup tapes and the backup software for that company. So the backups would still run, but the backups don't backup any data. So it overwrites the media backing up onto it. So if you've got a tape for your Monday night backup, your tape is overwritten with nothing. Same with Tuesday nights, Wednesday nights, Thursday nights. So this continues on for a few weeks. You're quite happy getting your notification emails backup run successfully, but you're actually backing up nothing. Your tapes, in effect, are blank. They then come back in again and they encrypt your hard disk which is an interesting grade encryption key. So it can't be decrypted. Now your first reaction when you respond to this is, oh, that's great. I'll just go get my backup tape. I'll do a restore and I've got my data back. But you did put your tape in the tape machine and you've got no data. So now as a business owner, you are stuck. Do you pay this ransom? As you can see there of 3,000 euro. Or do you rebuild your data that you've spent thousands of manors putting into place? In all the cases, we're aware of that people have ended up paying the ransomware to these criminals. In actual fact, one guy actually had a customer rating website that if you went to the website and gave them a positive rating they'd give you a 20% discount on the ransom. These people are business people. They're in to make money. And when we actually went into it and Steve talked about black swan events like Stuxnet and everything else and even loyalty build, they're all grabbing the headlines or the big news and it's what gets the media and grabs people's attention. But when we looked into those instances, this is where the root cause of the problem is. It's poor passwords. It's people using the same passwords across different systems. It's people using password one as their password or if they're gonna be really sophisticated using password one, two, because the next number is gonna make them more secure. So it's poor passwords and poor password management that have caused the problems. Missing patches where servers have not been patched. The web servers have not been patched so the company's invested in getting a new website and the website being put up. Website goes live and they forget about it. Now to me that's akin in this digital age of opening up a shop front on a main street in the town and not painting it every few years and not keeping it tidy because it dilapidates. Your website, the same thing. You have to keep it maintained. You have to keep it updated and secure. But many companies forget about that and then we can have these attacks. Or likewise on the other side where PCs are compromised is computers not having the operating system patches or updated antivirus software on it. And there's been a lot of attacks on particular web platforms. So it's very common to use different web platforms to create websites and very often these platforms will end up with vulnerabilities in them and you can have these mass attacks. So there may be a vulnerability found in a particular web platform today. The criminals will find out about it. They will write an automated tool to scan the internet for those vulnerabilities on those platforms and then compromise those websites. And one of the big things is out of date antivirus software where antivirus software has not been updated and that has a lot of infection to have. But I suppose overall the big things is lack of monitoring. So there is a lot of data in companies networks. The security devices that are there, the antivirus software is monitoring what's going on and being aware of what's happening in your network and reacting to alerts that you've got security breach or a potential security breach. That is a big thing because all of those 432 instances that we were involved in, not one of the companies knew they had a security problem until they were contact about us. So I think that's a pretty startling statistic that these companies did not know they had a security problem until somebody else told them. If somebody broke into your business and kicked on your front door or broke a window to get in, you would know straight away the next morning because you can physically see that you can monitor your physical presence. You need to monitor your online presence as well. So hopefully that's an area from education awareness that people can try and improve. So what I would suggest and what we need to do is make people more aware of what the threats are out there but even more aware of how to deal with those threats and what simple steps they can take to increase and enhance the security such as making sure users are using secure passwords that patches are applied, that systems are being monitored properly. Because we have a long history of security. There's Dunengas on the West Coast of Ireland. It has the layered security approach that we all talk about. Those rocks are the very front there. They're all angled and built into the ground so that you approach in the fort, you have to weave your way around. There's multiple walls that you have to get by. And each of those walls, the entrances are not, they're all in different ways so you have to work your way through. And of course on the back of it you've got a huge cliff. Now today that's not very good to defend against an air attack or somebody throwing mortars into it but it still is a layered approach and that's what we should be doing with our networks as well. Typically again in lots of networks we have perimeter security but inside the network we don't have any security and once you're in you have access to everything and anything. So companies need to look at ways how to layer that approach and layer their defenses as well. And we do need to maybe reiterate that the message coming through this morning is cooperation. We do need to share information and good information so that we can react to it and we can work on it. And we need to work better within the industry and within the community and with law enforcement and other agencies because one thing that frustrates me is that a lot of those issues that we've probably dealt with have probably not been reported to Angarashi or Kona. So if we don't know what crime is happening in this space that is so critical to our environment how can we ensure the proper resources and the proper people are being given to it to tackle it? I was happy to see Minister Schauer actually make a quote that this summer that cybersecurity is a complex issue that requires cooperation across all sectors to ensure the safety of our networks and infrastructure and I think it's great to see the attention at that level being given now to cybersecurity and hopefully that can drive a few changes throughout the industry as well. So I'd like to thank you very much for your time and I'd like to thank the IEA for the opportunity to address you today to maybe to highlight you and maybe bring the story a bit more local than what we've heard today. So thank you very much.