Irish businesses are more likely to have a formally defined ICT security policy compared with their European peers but use of antivirus and security software among consumers is below the European average.
The European Network and Information Security Agency (ENISA) has issued country reports on the state of security throughout the EU and EEA and has found that no major new risks to network security or resilience were identified in Ireland since the beginning of 2010.
According to the report, 72pc of Irish households have internet access compared to the EU/EEA average of 68pc. Businesses in Ireland lag slightly behind in being online, at 92pc, as against 94.24pc. However, businesses are marginally ahead of the average in having an ICT security policy – 28pc as opposed to 26.41pc.
Irish people are less likely to use security as a reason not to perform certain activities online, such as e-commerce or banking. Just 9pc cited security concerns, against a European average of 13.86pc. However, just 56pc of people use and update IT security or software tools to protect their computers and their data, compared to the EU member state average of 59.29pc.
The difference between basic security and being targeted by cyber criminals
The report doesn’t make clear whether the remaining 44pc of Irish private users have no form of security software, or don’t update it. However, the finding tallies with what IT security insiders have been saying for years: that many people don’t make the connection between leaving their computers unsecured and having them compromised by cyber criminals to send spam.
The report shows there are 10 national authorities in Ireland with some role in network and information security, ranging from the departments of communications and justice, the Irish Information Security Forum, the National Crime Council, to the Internet Advisory Board and ComReg.
IRISSCERT, the group which distributes free advice and warnings about information security threats to 400 people in Ireland, was listed as one of the main contributors to Ireland’s security framework. Founder Brian Honan said it was ironic that IRISSCERT, as a voluntary organisation with a small budget, appears to be contributing more than better-funded Government initiatives. “I think it also shows how disjointed our national cyber security is with various bodies re-inventing the wheel,” he told Siliconrepublic.com.
ENISA noted that Ireland has no central repository of good practices on the resilience of public networks. Operators and stakeholders are engaging in good practice, although this hasn’t been formalised. Ireland also has a cross-sector platform which was built in Ireland using Tetra technology. “This platform is completely independent of all other infrastructure and was put in place to be used by key officials should the country ever suffer an attack or denial of service which affects the standard platforms and networks,” the report said.