Eoghan Daly, Director of Cybersecurity recently featured in The Irish Times Special Report on Cybersecurity.
Protecting against cyber attacks may be costly but a business’s cyber security preparedness is priceless, say experts in the field. Globally, cybercrime is now estimated to cost $600 billion and global trends suggest even smaller firms are at increasing risk.
In recent weeks, the National Cyber Security Centre and Garda National Cyber Crime Bureau took the step of specifically warning small and medium business owners of the increased threat of ransomware.
In a letter sent to Ibec’s Small Firms Association, the organisations noted that there have been several smaller Irish businesses impacted by ransomware, heralding a change in the tactics of cyber criminals who had typically focused on larger organisations.
Many people in business did not adequately appreciate the nature and extent of potential impacts that can be caused by a cyber incident, says Eoghan.
“They assumed that the main issue was theft of money, and that cyber-insurance could be used to cover the risk. The HSE incident demonstrated that cyber incidents can cause immediate and significant operational issues that can stop organisations in their tracks for weeks and months.”
This means that other sectors can be behind in terms of cyber awareness, he adds.
“Financial services have a mature and well-established approach to cybersecurity [but] the picture in other sectors is mixed, and it is difficult to say some are more at risk than others.”
He also says that public sector organisations have been constrained in their investment on IT infrastructure and many are using dated equipment and software that is more difficult to keep secure. Like many organisations, they are also struggling to recruit security professionals.
According to Eoghan, even if businesses are cognisant of the risk, often the practical understanding of what the risk means in practice is missing.
“Addressing ‘cyber risks’ can be complicated by the gap between a risk and the practical measures implemented to address the risk. Resources are limited and it is impossible to address all risks – businesses need practical approaches that deliver tangible outcomes,” he advises.
Content adapted from The Irish Times.