One can imagine the contrasting emotions in the cyber world as the events of 2020 unfolded. For security experts, consternation at the thought of all those laptops, work phones and other devices being hastily hooked up to home networks. For the bad actors who prey on organisational weakness, nothing but glee.
The mass migration of data to the cloud had already begun to shift cybersecurity from IT departments to boardroom agendas long before the virus came along. But the unprecedented remote-working experiment – a resounding success, it must be added – has set off an alarm that is impossible to ignore. The door is now permanently ajar.
“An extremely hot topic,” nods Pat O’Grady, Enterprise Ireland’s Lead Business Development Advisor in the Digital Technologies division. “Without a doubt, cybersecurity is now the number one issue in IT and the switch to a hybrid working model during the pandemic has raised further questions for organisations, on top of questions that were already there.”
Last year, a survey of more than 5,000 organisations in the US, UK and Europe found that 61% had been targeted by a cyber-attack in 2019 alone, up a colossal 45% from the previous year. (How Ireland became the go-to country for cybersecurity solutions – The Irish Advantage)
“Well, there’s a logic to the increase,” says Sarah McNabb, Enterprise Ireland’s UK Digital Technologies Market Advisor based in London. “Everything has moved to the cloud now, so the sheer amount of data that’s ‘hackable’ has increased significantly.
“Traditionally, there’s been a blind spot when it comes to cybersecurity,” she says. “A lot of companies used to think ‘It’ll never happen to us’, but digital transformation has changed that. Managing directors are seeing what cyber-attacks have done to other organisations, so awareness of the threat is sky-high. Cyber is no longer seen as an added expense; there’s an ROI attached to it that is understood and respected at Board level.”
The threat is very real, and the costs are staggering. According to the Washington DC-based National Cyber-security Alliance, some 60% of small businesses that suffer a security breach go out of business within six months. Research by IBM, meanwhile, has found that in 2020, the average data breach cost an organisation in the region of $3.8 million. (How Ireland became the go-to country for cybersecurity solutions – The Irish Advantage)
Enterprise Ireland is one of many stakeholders helping to raise awareness of the need for organisations to protect themselves. Ireland’s trade and innovation agency provides funding to Cyber Ireland, an alliance of industry, academic and government bodies that represents the needs of the cybersecurity ‘ecosystem’ in Ireland. The Irish education system plays a part too, with dedicated cybersecurity degrees at graduate and postgraduate level.
With over 50 cybersecurity firms now based in Ireland – including the world’s top five security software providers – Enterprise Ireland also has a growing cohort of 60 indigenous clients in the cyber space. The sector is expanding at breakneck speed as more firms call in the experts, but the problem remains a very human one.
“Government agencies like ourselves can lead on this, and any company worth its salt has already put measures in place, but it comes down to the individual,” says Enterprise Ireland’s Sarah McNabb. “It’s up to management to set policy and show a good example, but ultimately security comes down to human behaviour and that’s the chink in the armour.
“We’ve seen time and time again that it only takes one employee to click on the wrong link,” she adds. “You can have all the tools and technology in the world, but they must be backed up by education and by individuals at all levels consistently doing the right thing. It’s the only way to ensure there are no weak links.”
Today, more and more people and organisations are vulnerable, as hacking has become an increasingly rewarding criminal activity. From health services to aviation, there have been many examples of hackers preying on organisations and sectors globally that are already going through challenging times, regardless of the organisation’s status or size.
“We say it all the time, it’s now a question of when rather than if,” says Enterprise Ireland’s Pat O’Grady of the potential to be targeted. “It’s no longer just blue-chip firms that hackers are going after, it’s companies of all sizes, in any sector. SMEs are actually more likely to be targeted because they mightn’t have the same budgets or security structures in place and that makes them vulnerable.
“We have some of the most sophisticated solutions providers in the world operating here in Ireland,” says O’Grady. “These firms can step in and run simulated attacks to identify what the main risks are, then work in partnership with that company to install measures designed to keep the bad guys out.”
According to Thomas Kiely, Enterprise Ireland’s Information & Cyber Security, Project Manager with Enterprise Ireland, the following are some of the key cybersecurity issues that organisations must focus on.
- Expert Security Consultancy Services in areas like compliance, ISO certification, incident response and investigations. These are difficult skills for a business to acquire so having an external partner can help. A number of Enterprise Ireland’s clients offer these services including Integrity360, SmartTech 24/7, Kontex and Evros.
- Security Awareness and Training in how to identify and spot risks such as phishing emails. Companies such as Cyber Risk Aware offer learning platforms that include e-learning training courses, micro learning content and challenges that can integrate into the Microsoft Office 365 platform.
- Phishing Simulation Platforms that send test emails to staff to assess the level of awareness within an organisation and offer additional focussed learning when required. This process can be really time-consuming so having a platform that can build email templates, schedule campaigns, provide focussed training, automation and reporting for management is especially helpful.
- Email and Web Filtering that allows certain websites, either malicious or specific categories of websites (such as gambling/gaming) to be blocked. Enterprise Ireland client TitanHQ specialises in this type of filtering technology.
- Mobile Device Security in the shape of a controlled BYOD policy that locks down or secures company apps on a device and keeps them separate to other apps. Organisations may also want to restrict access to only corporate devices for further protection and full control, as well as the ability to remotely wipe and manage security settings. CWSI is a leader in mobile device management, offering policy guidance and practical management advice.
- Managed Detection and Response which enables 24/7 monitoring of a network; ideal for companies that may not have large IT departments or the ability to constantly monitor their networks.
- IP and Vulnerability Scanning via pen tests on a company’s external network to identify potential weaknesses. This includes scanning all company IPs or carrying out pen tests on company websites or client portals that could potentially be used as an attack vector. EdgeScan is one of the best in the business.