The idea of a Government CIO was first mooted in 2009 by the then Taoiseach Brian Cowen.

However, since then there has been no appointment and the matter hasn't resolved itself since the new Government came to power last year.

The ultimate question is does the State need a CIO?

The real answer to this question appears to be no, because as revealed in December by the Minister for Public Expenditure and Reform Brendan Howlin TD a different tack will be taken in relation to the management of the State's IT assets.

As part of a proposed a set of plans that will see the number of people employed in the public sector drop by 37,500 to 282,500 by 2015, Howlin recommended appointing a Public Service CIO Council to assist and drive ICT and e-government initiatives across the public sector, beginning this quarter.

So, no State CIO - instead a Public Service CIO Council.

Time to learn the lessons of PPARS and move on

At the EMC event this afternoon Minister Rabbitte acknowledged that there is a need to break free of the 'silo mentality' that prevents State IT systems between various departments from talking to each other.

He said that plans are afoot to bring forward a Government Cloud Strategy and discussions are underway with various industry leaders. "In tandem with this we are working on a Cloud Computing Research Centre."

Rabbitte said that greater efficiencies are needed in terms of State IT and said that a new post code system that will give homes and businesses a "unique identifier" is about to go out to tender.

In relation to e-government and greater efficiencies that can be gained from cloud computing, Minister Rabbitte says its time to no longer allow the memory of IT failures like PPARS get in the way of progress.

“We hope that the system has learned and in terms of strategy we will be looking for the capacity of the cloud to help resolve issues that were unthinkable when PPARS was on board."

He asked openly was PPARS a system failure in Government or how the project was managed and delivered.

“These questions are being looked at."

Pointing for the need to use IT to ensure greater efficiencies in departments like Social Protection he said: "The investment would be minor given the annual €20bn budget [for that department] and we have to come up to speed to operate the system in a way it was designed rather than allowing waste or fraud to happen.

“A cloud for government could eliminate risk," Rabbitte added.

The laptop/notebook has emerged as the mostly widely owned mobile communication and computing product among CXOs in Europe, with an impressive 98 percent of the surveyed population using or owning one, finds Frost & Sullivan’s recent survey. More than 75 percent of CXOs surveyed have one tablet computer, while 20 percent report owing two or more tablet computers citing family needs, business/private use, and different locations.

CXOs want their laptop/notebook to work every time they use it and that all other features are secondary compared to reliability and product quality. Dell continues to be the most owned brand of laptop/notebook since 2009; however, European CXOs perceive Apple as the best brand.

PC ownership is declining

“Compared to Frost & Sullivan’s 2009 research, desktop personal computer ownership is declining, while tablet computerownership is rising,” says Christina Alfaro, Frost & Sullivan Research Analyst with Frost & Sullivan’s Customer Research Team.

Nearly all CXOs report owning/using Apple tablet computers, which are largely bought directly from manufacturers. Similar to laptops, the most important attributes in a tablet computer are reliability, overall quality, and screen clarity. The majority of CXOs have e-readers or use tablets as e-readers. More than eight out of ten of them use their e-readers during leisure time or business travel.

According to the survey, there has been a dip in the use of smartphones for purely business purposes in 2011 compared to 2009, as smartphones are also popular for personal purposes. “Overall, European CXOs perceive wireless communication and battery life as the most important smartphone features,” notes Alfaro. “However, most CXOs also rate overall quality and ease-of-use very highly, while security and applications compatibility are viewed as less important.”

In 2011, the most owned brand of smartphones was Apple, while in 2009, it was Blackberry. As ownership increased for Apple, it declined for Nokia, HTC, and Sony Ericsson. Most CXOs perceive Apple smartphones as the overall best brand of smartphones, followed by BlackBerry.

The operator said the breach is a result of the theft of three laptops, two laptops from Eircom's offices at Park West, Dublin, and a third laptop stolen from an employee's home.

The incidents were immediately reported to the gardai and two separate investigations are ongoing. There is no evidence at this time that the data at risk has been used by a third party.

"Eircom treats privacy and protection of all data extremely seriously and we have taken the following pro-active measures to address the situation," Eircom said.

Eircom said that more than 20 customer care agents and account managers have initiated a contact programme to telephone all 550 customers whose financial data may be at risk.

"The agents will notify the customers of the risk and inform them of the specific data involved. They will also answer any questions or concerns they may have. In addition, all impacted customers will be notified by letter.

"As a precautionary step, we have contacted the Irish Banking Federation, who has notified their members of the potential risk to data for affected eMobile and Meteor customers," Eircom said.

Meteor customers who believe they may have been affected can contact the company at 1800 444 085 or go to its website.

eMobile business customers can contact the company directly on 1800 428278 or can visit its website.

Impacted staff have also been notified of the incident. A review of the group's encryption policy is under way, to ensure all computers and laptops are compliant with the group's encryption policy.

Internal investigation into theft from Eircom offices at Park West

Eircom said that during the internal investigation, it emerged that the two laptops contained personal data for some current and former eMobile and Meteor customers.

"Specifically, there is a potential data risk for 6,441 current and previous eMobile business customers, dating from August 2010 until December 2011. The data at risk for the vast majority of customers is personal data, including names, addresses and telephone numbers. There is a small group of approximately 146 customers where financial data, including bank account details, may be at risk.

"Separately, there is also a risk to data held within 404 Meteor customers. The data specifically concerns post-pay customers who applied online between January and July 2011.

"The personal data at risk includes details such as an applicant's name, address and telephone numbers, as well as a range of documentation used to support a customer application, such as passport and driver's licence details, various photo IDs or utility bills, which all may have been used to establish proof of identity. In some cases, financial data, such as bank account, laser or credit card details, is also at risk," Eircom said.

The laptop stolen from an employee's home has yet to be recovered. An internal investigation has verified that the names and addresses of 686 Meteor employees are at risk.

How big is your organisation – how many users across how many sites?

About 440 across 11 locations in Ireland, UK, France, and the Netherlands.

What major business applications do you use at ICG and do you prefer to build or buy?

As a group of companies, we have a multiple line of business systems that report into SAP financials at group level. We prefer to buy where possible.

How would you describe your own approach to IT?

Like any other functional area in business, it won’t work properly without good people, so make sure to hide amongst them!

You're on record as preferring to outsource where possible, so maybe you could explain what are the business benefits to ICG by taking this approach?

Generally, to achieve cost savings, but also to get better access to skills and new technologies, and to improve service levels.

Do you have a preference for using indigenous IT service companies and consultants, or do you opt for the multinational names?

We have plenty of high-quality resources in Ireland and I prefer to use those where possible.

How do you stay on top of developments in IT that could help your organisation, and how much time do you spend on this?

It’s an ongoing process of keeping an eye on tech media, exchange with peer contacts and networks, as well as more formal conferences and vendor events.

Have you have any plans to add to your own skills this year and if so, in what area?

To develop a greater understanding of the standards and frameworks for IT.

Do you see your role primarily as a technical one, or a business one?

Understanding the technical stuff helps, but it’s definitely a business role.

Has your 2012 IT budget increased, decreased, or remained the same as last year?

About the same as last year.

What's your main IT project for this year?

If I had to pick a single project, it would be business continuity.

What IT initiative are you most proud of?

A really complex piece of development that I built early on in my career which convinced me I had found something I could be good at!

What has been the hardest challenge since you took your current role?

There isn’t always a right way of dealing with people who find themselves in difficult situations.

What technology trends are of most interest to you personally and to your own organisation?

Understanding our data, and for our B2C customers, their behaviour.

Cloud computing: vendor hype or business revolution?

Largely vendor hype, we’ve all been building private clouds for years, it’s just a scale/cost argument.

Bring your own device to work: a logistical nightmare or a trend to be embraced?

A trend to be embraced.

Canpolet suggested that the exploits left a large number of modems in use by Eircom customers open to attack.

"ZyXEL would like to confirm that there is absolutely NO security issue with our P-660 router. The vast majority of our routers throughout the UK run an operating system called ZyNOS, our proprietary Network Operating System. 

"Our team of technical consultants have run a series of tests this morning using ZyNOS system and have shown that the claims made by Canpolet and 'The Insanity Pop' are not true and totally unfounded. All of ZyXEL's products have robust security solutions in place to prevent against any security breaches."

Siliconrepublic.com spoke to Alan Turner, a technical consultant for ZyXEL who performed a number of tests based on Canpolet's claims.

Turner said the exploit is physically impossible. "You cannot do it from the internet side as he's describing it. The links in Canpolet's blog claim you can do it via the internet but you have to have access to the local area network in the first place. I would be surprised if any other vendor makes it possible to access the router's software via the internet."

Canpolet's blog claimed he was able to test three different exploits on his own router that enabled prestige unauthorised reset, ZyNOS configuration disclosure and prestige privilege escalation.

"It is possible that Canpolet was able to change the settings on his own router because he had LAN access to it. But even after that you are still challenged for the password."

Details of ZyXEL's tests

ZyXEL submitted the following account of its tests:

The ZyXEL technical team this morning analysed how this supposed attack took place. In the first instance, the exploit attempts to access various web pages within the router's Graphical User Interface, eg:

 -        Prestige Unauthorized Reset
·         ZyNOS Configuration Disclosure  
·         Prestige Privilege Escalation
·         Prestige Configuration Disclosure

With ZyXEL routers, this isn't possible because all management interfaces are disabled from WAN (internet) side access. If you attempt to access these pages from the WAN side then the router doesn't respond.

An end user is able to lower the security of their router by making configuration changes:

-        Set Remote MGMT to WAN & LAN/All
·       Disable firewall or make a firewall rule to permit WAN to WAN/Router access 

If an end user does go ahead and alter the router settings then that does leave them more at risk to a potential hack. Even so, in this event, a hacker will still be directed to the login process where they have to input the correct admin password. The end user is advised on the Graphical User Interface page where these changes are made that this password should be changed before enabling any remote access.

The new organisation - the Association of Data Protection Commissioners - will be established at the Irish Computer Society's annual Data Protection Conference in Croke Park tomorrow.

The Association will speak to the requirements of anyone who is striving to define a data-management strategy, establishing practical processes and structures for their organisation to achieve and maintain compliance with the Irish data protection legislation.  

Senior data protection officers from a broad range of Irish public-sector and commercial organisations will form the inaugural Steering Committee of the association.

“Ireland is facing into a period of considerable change in the area of DP with new European Regulations announced on January 25th, which are expected to take effect by early 2014.

"If recent drafts of the legislation can be trusted, there will be significant challenges for any organisation which manages personal data as part of its sales, marketing or deployment strategy," said Jim Friars, CEO of the Irish Computer Society.

“The Association of Data Protection Officers will support its members with the implementation of these new regulations," Friars added.

Citrix has an obvious stake in this trend becoming a reality, as its technology has been designed to put corporate IT applications on a raft of different device types.

However, it’s far from alone in backing the BYO message. Last year, a report from consultants PwC led the way in cheerleading the trend, suggesting it could help organisations improve their productivity and allow their IT to be more flexible.

Bo Parker, head of PwC’s Technology Centre and Innovation Group, said organisations that move to a model of owning fewer hardware assets are more adaptable to changes in the business itself or in the market.

“They’re looking for ways to become asset-light, or asset-on-demand, so what all these trends – the mobile trend, the office trend, the cloud trend – share in common is a way to reduce the asset heaviness of the company so that if it needs to change, it can and it’s not being dragged back by a lot of heavy assets.”

It’s a sea change from the previous IT delivery model, where the user had no say in what hardware platform or software they had to use for their jobs.

Seamus McCarville, head of IT with ferry operator Irish Continental Group, calls BYO “a trend to be embraced”.

Nissan Ireland CIO Rory Donnelly said the development was “good, within reason”. He went on: “If you have a policy that allows certain popular, mainstream devices (eg, iOS and Windows Phone), and you have the infrastructure to support and control them, then it’s not a problem. If you don’t have that infrastructure though, it could be quite costly to get to a position where you can allow BYOD.”

Both were speaking to Siliconrepublic.com as part of a new series beginning this Friday, The Five Minute CIO, which will feature Q&A interviews with Irish IT chiefs.

“I can confirm that the ZyXEL p-660HW-T1 v3 model running v3.70 (BOE.2) D0 | 03/01/2010 can be targeted and exploited,” Canpolet wrote.

Canpolet confirmed to Siliconrepublic.com that he has warned Eircom of the issue so that the operator can fix it.

He pointed out that the ZyXEL exploits, known in hacker terminology as “pwnage”, allow hackers to change and create an admin password, enable local admin logins, restart the device at will, change the router firmware and reset the device to factory settings, among quite a few things.

Canpolet said the vast majority of DSL broadband connections in the country can be theoretically hit by “pwnage” attacks.

He says the methods of obtaining a user’s IP address are endless and pwnage exploits are easily accessible online.

Canpolet was able to test three different exploits on his own router that enabled prestige unauthorised reset, ZyNOS configuration disclosure and prestige privilege escalation.

“You might think that this is a pretty minor amount of access to have on the router. However, allow me to run some ideas past you. Getting Admin access will allow you to destroy the box (requiring a hard reset), it will blatantly show you the Wi-Fi encryption key (allowing you to steal internet). It will allow you to bring down the network’s Firewall,” he pointed out.

Canpolet warned he will be posting more data soon on how such exploits will work on Vodafone and UPC routers and urged Eircom to fix these issues as soon as possible.

Canpolet describes himself as an Irish amateur hacker. “I am by no means a malicious hacker. I have no reason to destroy property, data or steal money from people, unlike a lot of hackers existing today.

“For this specific hack, I haven't written any of the exploits. I’m just sharing information I received and I'm presuming Eircom are not aware of these existing problems. I have average knowledge in security penetration testing and I'm completely self-educated in what I do.”

He then noticed a strange request among the calls and discovered that his entire address book - including names, emails and phone numbers - were being sent to Path without his permission.

Thampi repeated the process and discovered that once again his entire address book was being sent to Path’s servers.

The revelation has caused a storm of controversy online.

Path CEO David Morin responded by pointing out that the purpose of uploading the address book is to help the user find and connect with friends more efficiently.

Morin is steadfast in his belief that this method of finding and matching friends is important and said opt-in is coming soon to iOS. It was already launched on Path’s Android client a few weeks ago.

Either way, the revelation has brought into sharp focus what happens on sites like Path or Facebook when you grant apps certain permissions.

It’s a debate that’s long overdue, perhaps.

“A lot of the security focus is around the network – and that’s still important – but on the applications side there’s generally a lack of awareness among developers of a lot of the security issues,” he said. “It’s not uncommon to have a scenario where the software’s launch date is two weeks away before security tests happen.”

Application security is a growing problem, and appears to be getting worse. US firm Veracode analysed 9,910 business applications over 18 months and discovered eight out of 10 failed to meet acceptable levels of security, with standards declining since previous reports were compiled.

Challenges regarding application security

Ryan acknowledged that changing developers’ mindset is the challenge, since they tend to focus on delivering code that’s measured on features and performance. Another hurdle to overcome is the trend for many organisations to outsource app development, especially for mobile platforms.

“Because the mobile platform is pervasive and it’s driven by marketing, it’s developed outside the internal organisation but integrates with back-end data – it could be signing up to a new service or looking up a bill. If it integrates with back-end apps, it potentially opens up security holes,” said Ryan.

“External developers are being paid for functionality and fast delivery and security can often be left behind in those circumstances … at the last minute it’s a case of, ‘give it the once over to make sure it’s secure’. That’s not the way it should be done.”

Veracode’s survey, released in December, said Cross-Site Scripting (XSS) and SQL Injection found in software applications are two of the most frequently exploited vulnerabilities, which attackers use to gain access to customer data or intellectual property.

Last year’s headline-making PlayStation Network breach took advantage of a SQL Injection vulnerability, resulting in millions of compromised customer records.

Ryan said there is no need for organisations to leave security considerations aside when the likes of Veracode can provide cloud-based static application security testing on an ongoing basis. “Security should become part of the software development life cycle. Because the testing is automatic, it can become part of the process, you can test it as you go along. At the end of every week, it’s shipped up to the cloud services, you check all of the vulnerabilities that have been coded into the app and at that point you address them.”

Emerging markets continued to lead the way, with tech spending in the BRIC countries (Brazil, Russia, India and China) revealing another year of double-digit growth, and despite the impact of the hard disk drive shortage on PC markets, strong demand for mobile devices and software across most regions finished the year on a positive note.

IDC projects another year of 5pc growth for worldwide IT spending in 2012. Hardware and software spending are each forecast to increase by 6pc, with 4pc growth in IT services.

In 2011, businesses continued to invest in infrastructure upgrades, new software applications and mobile devices (including tablets).

These positive trends are expected to continue in 2012, when enterprise spending on network equipment will also accelerate, as many organisations invest in network upgrades to cope with increasing amounts of digital information, which will ensure another positive year for the storage market. By the end of 2012, the PC industry will also return to positive growth.

“There are risks to the outlook for 2012, mainly related to macroeconomic weakness in Europe, where IT spending is still weak,” said Stephen Minton, vice-president of IDC’s Global Technology and Industry Research Organization.

“In a downside scenario, things could get much uglier in Europe and have a ripple effect through other regions. But leading indicators in the US have improved in recent months, and emerging markets show no signs of a slowdown yet.”

The macroeconomic crisis in Europe has already had a severe impact on IT spending in that region. Overall IT investment was flat in 2011, with declines in spending on PCs, servers, storage, peripherals and enterprise network equipment. The recovery in Europe will be a long haul, with less than 1pc growth this year and 3pc in 2013, the IDC reported.

The call mentioned the case of Ryan Cleary who was arrested in June for being involved in the LulzSec hacker collective, as well as the activities of another hacker group, CSLSec.

It is understood an Anonymous hacker gained access to the call after hacking into an FBI agent's email.

The call begins with officers joking about Sheffield and McDonalds before they begin discussing the hacking activities.

The incident is the latest in an increasing spate of cyber attacks by Anonymous.

Yesterday, it emerged that the hacker group managed to launch a massive attack that temporarily blocked the websites of the US Department of Justice, the FBI, the Copyright Office, the Motion Picture Association and the Recording Industry Association of America in retaliation for the closure of Megaupload.com.

An independent report released by CA technologies reveals that European organisations are collectively losing more than €17bn in revenue each year from the time taken to recover from IT downtime.

This lack of disaster recovery planning is consistent with surveys carried out by MJ Flood Technology in 2007 and 2009, indicating an ongoing failure by organisations to protect mission-critical business data from unforeseen events.

The number of companies encountering data-recovery problems has also soared, up from 27pc in 2007 to 41pc in 2011.

Some 44pc of companies experienced downtime or system outages which exceeded their stated tolerance levels. More than one-third of respondents (35pc) said their business can withstand a critical IT system outage for one working day or more.

“An unacceptably high proportion of companies are failing to make adequate provision for data protection and recovery,” said Fergal Hennigan, business development manager with MJ Flood Technology.

“This is supported by the fact that 62pc have no budget spend allocated to disaster recovery. While we are encouraged that almost all organisations are performing daily backups, we believe that directors have a corporate responsibility to ensure that comprehensive risk mitigation is addressed as a matter of urgency.”

When questioned on the lack of disaster recovery planning, 38pc of respondents said disaster recovery plans were currently being drawn up. Fifteen per cent of respondents cited a lack of internal expertise, up from 4pc in 2009, and an equal number cited cost as a prohibiting factor, up from 12pc in 2009.

Blacknight recommends users update passwords used for Blacknight.com and be mindful of any unusual online account activity.

The breach is being investigated and steps are being taken to prevent it happening again.

Blacknight has notified the Data Protection Commissioner and the gardai about the issue. It has also notified Irish security professionals body Iriss.ie.

“We take our responsibilities to our customers very seriously and have already been in touch with the Data Protection Commissioner and have informed them of the breach," said Michele Neylon, Blacknight CEO.

Neylon was one of the organisers of last week's Stop SOPA Ireland petition which attracted more than 35,000 signatures.

“Blacknight is a secure company, however, data breaches are a reality that almost every online company must face. We are taking this opportunity to increase our security even further and apologise to our customers for any inconvenience this may cause."

More than two-thirds of respondents said they have a clear understanding of the current legislation around data protection in Ireland. However, the survey also found that over the last 12 months, nearly half of respondents said their companies experienced a data breach.

Fifty-eight per cent of these breaches were caused by a staff member more as a result of internal failure and lack of awareness than from external data theft.

Thirty-four per cent rated their companies as placing too low of a priority on data protection, while 28pc felt that the biggest threat to an organisation’s assets came from negligent employees.

One-third of respondents claimed they didn’t know whether or not their company had a formal data protection policy.

Three per cent believed that more punitive penalties should be put in place for breaches of data protection legislation and more than 50pc felt formal training and awareness programmes should be conducted on a regular basis to educate staff on data protection best practice.

New legislation passed in late January will address the issue. The legislation will require medium and large companies to implement a formalised data protection training programme and to appoint a data protection officer. It will come into effect by 2014.

“Employees might appreciate the importance of data security, but organisations need to instil a culture of compliant data management,” said Hugh Jones, professional services consultant with the ICS.

“Clear policies and procedures are vital, with regular refresher training and timely reviews to ensure that staff are complying with the structures. It is as much a case of protecting the organisation’s commercial reputation, as it is of protecting the individual’s privacy,” he said.

The survey comes prior to the ICS’ fourth annual Data Protection Conference, which looks and the new and upcoming legislation and emerging issues in data protection. It will take place on 9 February at Croke Park, Dublin.

“At this early point in our development cycle, I'm not able to share too much about Office 15, but I can tell you Office 15 is the most ambitious undertaking yet for the Office Division.

“With Office 15, for the first time ever, we will simultaneously update our cloud services, servers and mobile and PC clients for Office, Office 365, Exchange, SharePoint, Lync, Project and Visio. Quite simply, Office 15 will help people work, collaborate and communicate smarter and faster than ever before,” Hough said.

He added that Office 15 will go out for public beta at some stage in the summer.

To further entice recipients to open their messages, spammers used additional social engineering techniques by including parameters in the URL to suggest the email is coming from a social networking site.

Symantec Intelligence expects to see spammers leverage other upcoming “calendar events”, as well, such as the upcoming Valentine's Day on 14 February.

“We also expect to see plenty of spam and malware taking advantage of some of the major upcoming sporting events this year. We are already seeing references to the Summer Olympics in London as part of 419, or advance fee fraud messages,” said Paul Wood, senior intelligence analyst, Symantec.

“By relating their mails to widely-celebrated holidays and current events with global interest, spammers and malware authors can (at first glance at least) make their messages more interesting, and increase the chance of recipients visiting spam websites or becoming infected,” Wood said.

Internet users are reminded exercise caution when it comes to clicking on unfamiliar links or links coming from unfamiliar sources.

“Desktop computer transformation and optimisation on this scale across 100 locations is always a major challenge but particularly so in this most critical of environments - the delivery of healthcare," explained Stephen Stewart, Director of IT, South Eastern Health & Social Care Trust.

“SET was the result of two separate organisations and so we had to bring two different IT infrastructures together seamlessly," commented Eleanor Graham, Senior Project Manager, I.T. Alliance Group.

“The goal was to ensure increased business agility, better sharing of information and security and this was achieved against a tight deadline," added Niall Powderly, head of Products and Training, BT.

Capital expenditure was minimised through the recycling and redeployment of over 1,500 existing desktop PCs.

Stephen Stewart of SET added that the benefits included reduced total cost of ownership (including potential to reduce licensing costs); increased user productivity and satisfaction; reduced security risks; improved compliance; eliminating migration headaches in the future and improved IT service management of vital resources.

However, almost 27pc already use or plan to use cloud/SaaS options to augment their BI capabilities for specific lines of business or subject areas in the next 12 months.

“Business users are often frustrated by the deployment cycles, costs, complicated upgrade processes and IT infrastructures demanded by on-premises BI solutions,” said James Richardson, research director at Gartner.

“SaaS- and cloud-based BI is perceived as offering a quicker, potentially lower-cost and easier-to-deploy alternative, though this has yet to be proven. It’s evident that, despite growing interest, the market is confused about what cloud/SaaS BI and analytics are and what they can deliver.”

Gartner has identified three drivers for the adoption of cloud/SaaS offerings for BI, analytics and performance management:

Time to value: The use of SaaS BI may lead to faster deployment, insight and value, particularly where existing work and/or a limited budget constrains IT so it can't respond to information and analysis demands as quickly as the business needs.

Cost concerns: The cost dynamic differs between on-premises and SaaS models. Software purchased as a service can usually be expensed, rather than capitalised, on the balance sheet. Buyers often think SaaS is less expensive, but this is unproven, Gartner said. Gartner's cost models show SaaS can be less expensive over the first five years, but not thereafter. The long-term benefits lie elsewhere in terms of cash flow and reduced IT support costs, for example.

Lack of available expertise: SaaS analytic applications offer prebuilt intellectual property that can help firms work around a lack of the skills needed to build their own analytic solutions.

Instead of disrupting the enterprise BI platform and corporate performance management suite market, a more likely scenario is that SaaS and cloud-based offerings will tap into new opportunities - for instance, with mid-market companies that have yet to invest in BI, or by offering domain-specific analytics, Gartner said.

“If their operational business applications are in the cloud, organisations should consider pursuing cloud BI/analytics for those domains,” said Richardson.

“However, they must assess risks on an ongoing basis and ensure their chosen cloud provider has appropriate business skills to provide a viable outcome. They must also ensure their BI strategy outlines how to ensure that data flows to and from these solutions in order not to become yet more silos of analysis.”

National data protection authorities will be empowered to fine companies that violate EU data protection rules penalties of up to €1m or 2pc of their global annual turnover.

Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. This means that in many cases internet giants such as Google, Twitter and Facebook, which have their European headquarters in Dublin, will deal with the Irish Data Protection Commissioner on privacy matters.

Some €130m a year will be saved by a new provision that ensures that firms processing personal data must notify their national data protection authority within 24 hours, rather than trying to notify all data supervisory authorities.

The vice-president of the European Commission Viviane Reding said a single law will do away with existing administrative burdens, and will help reinforce consumer confidence in online services, providing a much-needed boost to growth, jobs and innovation in Europe.

"Seventeen years ago, less than 1pc of Europeans used the internet," Reding said. "Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds.

“The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data. My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information.

“The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation," Reding added.

Under the new rules, it will be easier for people to access their own data and transfer it from one service provider to another.

EU rules will apply if personal data is handled abroad by companies active in the European market.

A new directive will apply data protection rules for police and judicial co-operation in criminal matters, including domestic and cross-border data transfers.

“Last night, the Department of Justice and Finance websites experienced a distributed denial of service attack. This is not an attempt to extract information from the website but is instead an attempt to stop access to a service.

“There seems to be no damage done to the website, however, a review is being conducted this morning. The situation continues to be monitored by the Department of Justice and the Department of Communication. Gardai have been contacted on the matter.

“The Government is aware of the potential threat of this type of cyber attack and the Department of Communications is co-ordinating a whole of Government response to this threat," the Department of Justice said.

The statutory instrument that has aroused Anonymous' anger is about to be signed in Ireland just a week after major protests around the web stopped SOPA and PIPA in their tracks.

The instrument is aimed at covering a perceived gap in the Irish copyright laws whereby courts will be given powers to grant injunctions against ISPs on the suspicion of illegal downloading activities by their customers.

A petition that emerged earlier this week against the statutory instrument attracted more than 22,000 signatures.

Earlier this week, Anonymous attacked and vandalised government websites in Poland, including that of its prime minister.

“Over the coming days, we may see these attacks intensify, especially as more people are recruited into the operation. Typically, these attacks will eventually fade away as those taking part in the attack lose interest and move onto other items.

“Many will see this as a way to draw Government's attention to the concerns many have with the proposed new law. However, I believe that this action will simply divert the attention of the media and elected officials away from the core issue at heart and focus instead on Ireland been subjected to these attacks."

The statutory instrument is aimed at covering a perceived gap in the Irish copyright laws whereby courts will be given powers to grant injunctions against ISPs on the suspicion of illegal downloading activities by their customers.

A petition that emerged earlier this week against the statutory instrument attracted more than 22,000 signatures.

Earlier this week, Government websites in Poland, including that of its prime minister, were attacked and vandalised by Anonymous.

First signs of the attack emerged after nine o'clock after Anonymous tweeted how Ireland had 'angered the hive.'

Before midnight the Department of Justice website was down and affiliated site Citizens Information was down.

After midnight, Anonymous published the phone numbers of all TDs in Government on Pastebin.

Honan says he expects activity to increase in the coming hours and days and has offered the following advice for system administrators:

"If you are a system administrator based in Ireland and responsible for managing your organisation's websites and systems, then you should do a risk profile of your organisation to determine will it be a potential target of OpIreland. If so, then you should take some proactive measures to ensure the security of your systems:

• Ensure your systems are fully patched, this includes your firewalls, your operating systems, web server software and the web application software on your site
• Review all your firewall rules and ensure they are up to date and correct
• Ensure your log files are turned on, that they are recording key events and that you are actively monitoring them for suspicious activity
• Look at deploying DDOS mitigation tools
• Ensure all your passwords are secure passwords and are not re-used across multiple systems
• If you have Intrusion Detection Systems (IDS) in place, ensure they are configured and working properly and are being monitored
• Have your incident response plan close by in the event that you are impacted.

Jason Ward, EMC's country manager, said the denial of service attack on the Department of Justice and the Department of Finance websites was symptomatic of new risks to IT systems as cyber adversaries around the world try to disrupt governments.

"The attack on the two Government Departments showed that our IT systems have never been more vulnerable and we need to take proactive steps to prevent cyber attacks as part of a new defence doctrine.

"Although there is not too much information available on this morning's attack, we do know that intelligence-driven information security is emerging as the clear pathway for all organisations to protect their IT infrastructure.

"That means collecting reliable cyber security data and researching prospective cyber adversaries to better understand risk and learn about why and how attacks occur," Ward said.

Anonymous said it has already crashed the servers of CBS, Warner Bros and the FBI.

“Facebook is next," the video intoned, pointing out that Facebook has more than 60,000 servers.

The video goes on to outline general instructions on how at 12am (EST) on 28 January internet users can form part of a single, giant "ion cannon" that can blast a DDOS attack via multiple IP addresses at Facebook's servers.

“A charge laser needs to be loaded at exactly 12m Jan 28 2012; that way we will have a stronger army built up for our rights," Anonymous said.

"A key requirement of ours was to ensure maximum customer acceptance to support a non-disruptive player experience," said Michael Nolan, payments and operational development manager at Paddy Power.

"With Realex Payments as part of our card payment architecture, we met this requirement via their RealResult service, providing issuer response codes for declined transactions through supported acquirers, allowing us to react to and appropriately address declines in real-time," Nolan said.

Realex Payments will provide distinct accounts for each acquirer, channel and for each payment type - a total of 12 distinct channels of payment, each capable of processing in both euro and sterling.

Realex Payments processes payments valued in excess of stg£1bn per annum on behalf of its gaming clients and recently added a number of key accounts to its gaming book, having announced deals with 188Bet and Betsafe.

Anonymous this morning suspended the attacks until after Tusk and his ministers discuss Poland signing the international ACTA legislation.

As reported earlier on Siliconrepublic.com, ACTA is in the process of being ratified around the world. But lack of public consultation has left many wondering about the impact of the ACTA treaty on civil liberties and internet innovation.

Ostensibly, ACTA relates to combating counterfeit physical goods, such as drugs. However, it also contains measures related to intellectual property and online commerce.

Following last week's SOPA and PIPA protests in the US, a lack of consultation no doubt raises the public's hackles.

Key findings include:

• Some 40pc of organisations expect to raise external IT spend on hardware, software and services, and about 17pc expect external IT spend in 2012 to decline.
• The remainder expect to hold spend steady. Only a quarter of those planning to increase spend in 2012 are planning to raise spend by 5pc or more.
• In 2011, some 43pc of organisations raised their external IT spend over the whole year, according to survey respondents, while around 20pc lowered their spend.
• Western European organisations are therefore heading into 2012 with external IT budgets that tend on average more toward stasis when compared with actual IT spend patterns in 2011.

External IT spend budgets down year-on-year

"These spending plans may seem optimistic at first sight, given the economic environment, but in fact total external IT spend budgets for 2012 are well down on the equivalent budgets for 2011," said report author Douglas Hayward, research director, IDC European services research.

When previously surveyed by IDC in early 2011, 46pc of Western European organisations had expected to raise external IT spend in 2011, and only 14pc had expected to decrease their spend - meaning that European organisations on average cut back their IT spend during 2011 from the levels they had planned at the beginning of the year.

In IDC's view, this reining in of IT spend as 2011 progressed came in response to lowered consumer and business confidence and to the progressively worsening economic outlook during the year.

"Western European organisations are huddling toward the middle in their IT budgets for 2012; their plans are tending more toward stasis. This will be a conservative year in which discretionary spend will be held to a minimum for most organisations," said Hayward.

"The impact is not necessarily dramatic in real terms, however, since 2012 budgets are not significantly down on the actual spend outcomes during 2011. So the bottom line is that 2012 is shaping up to be like late 2011 - only a bit worse."

At the mercy of economic conditions

According to Thomas Meyer, European vice-president for Systems and Infrastructure Solutions at IDC, organisations feel they cut back their spend sufficiently during 2011 in response to worsening conditions, and they are hoping to get by this year on spend levels relatively close to those of 2011.

“For many organisations, there is simply less potential to cut external spend, and they may be locked into contracts that limit their leeway to reduce external IT spend. Current budgets could, however, be significantly revised downward during 2012 if economic conditions were to deteriorate dramatically."

Despite the renewed conservatism and caution, organisations remain interested in a handful of "hot" and sometimes disruptive technologies, including cloud computing and software-as-a-service (SaaS) projects, new storage, virtualisation and rationalisation of the IT infrastructure, "consumerisation" of end-user technologies in the workplace, and the rollout of applications that either cut the organisation's running costs or help to generate new revenues.

According to Sophos, Anonymous has claimed it's attacking numerous websites in this way, including those belonging to the FBI, US Department of Justice, RIAA, MPAA and Universal.

The attack seems to be inspired by the FBI's shutdown of file-sharing site Megaupload and the arrest of its founders.

The hacker group announced: "We Anonymous are launching our largest attack ever on government and music industry sites. Lulz. The FBI didn't think they would get away with this did they? They should have expected us."

These attacks follow this week's internet blackout, where thousands of sites protested proposed US anti-piracy legislation.

"In the past, Anonymous has encouraged supporters to install a programme called LOIC, which allows computers to join in an attack on a particular website, blasting it with unwanted traffic," said Graham Cluley, senior technology consultant at Sophos.

Join Anonymous' zombie army, go to jail

"This change in tactic from Anonymous, which allows attacks to be launched by simply clicking on a link, means that internet users need to be extremely careful when clicking on unknown URLs or they could unwittingly be joining this latest zombie army.

"Don't forget, denial-of-service-attacks are illegal," Cluley continued.

"If you participate in such an attack, you could find yourself receiving a lengthy jail sentence. I'm not sure if participants in this instance would get away with claiming that they innocently clicked on links by mistake, so make sure you always trust the links you click on, even if they're shared by a friend on social networking sites."

“Irish companies need to develop a new defence doctrine for combating advanced threats and intelligence-driven information security is emerging as the clear pathway to protect IT infrastructure.

“That means collecting reliable cyber security data and researching prospective cyber adversaries to better understand risk and learn about why and how attacks occur.

“It means developing new skills in the IT team to produce and analyse intelligence and identify normal and abnormal system and end-user behaviour in the IT environment.

“There is a need to share useful threat information such as attack indicators between organisations so that we can build comprehensive defence networks against increasingly sophisticated cyber attacks," Ward said.

Increase in tempo of attacks

His comments come as SBIC published its ninth report based on the real-world experiences of 17 top information security leaders.

The SBIC is a group of top security leaders from Global 1000 enterprises convened by RSA to discuss top-of-mind security concerns and opportunities.

“Cyber risk intelligence is no longer just for government agencies - it is a required competency for corporate survival,' said Art Coviello, RSA's executive chairman.

“The tempo of recent attacks calls for urgent and bold counter measures that position organisations not only to detect advanced threats but also to predict how attacks may occur so they can take preventative steps," Coviello said.

RSA itself came under a sophisticated cyber attack almost a year ago when hackers attempted to compromise the company's SecureID authentication service. In August, RSA launched the RSA CyberCrime Intelligence Service.

The marketing sites for First International Bank of Israel, Massad and Otzar Hahayal had also been hacked.

While the hackers' activities may have grounded the websites, stock trading and flights continued as normal.

The hacker group, who have expressed Palistinian sympathies, are demanding Israel apologise for its military actions in Palestine.

Israel's deputy foreign minister Danny Ayalon said the hackers' activities do not threaten the hi-tech nation and vowed that Israel will not be silenced on the internet.

The hackers' activities occur just as major online retailer Zappos in the US was hacked with hackers exposing customer emails and passwords.

The hacker is understood to have released fragments of the source code over the past week along with emails.

It is understood the hacker broke into Indian government servers and got his or her hands on the source code.

Symantec is understood to have given its source code to Indian authorities who were inspecting it ahead of a decision to deploy the software.

After inspecting the software, officials left the source code on government servers which were subsequently attacked.