In response to a recent national cyber risk report, a former Europol advisor weighs in on Ireland’s preparedness against cyberattacks as nation state actors and cyber gangs get more sophisticated.
Last week, the Government published a National Cyber Risk Assessment of Ireland and the measures that can be taken to bolster cyber resilience.
Led by the National Cyber Security Centre (NCSC), the report details the many different types of cyberthreats faced in Ireland, from espionage and cyberattacks from nation state actors to ransomware and hacktivist groups and highlights the importance of supply chain security in digital technologies.
“As a response to the pandemic, there was a rapid acceleration in the digitalisation of commercial, educational and social activities, which allowed these activities – which would otherwise have stalled – to continue,” said Minister of State Ossian Smyth, TD, at the launch.
“A large-scale digital breakdown post pandemic could cause more societal harm than it otherwise might have pre-pandemic, further underscoring the importance of robust cyber resilience across all sectors.”
Ireland a unique target
According to Brian Honan, a former Europol special advisor and current advisor to the EU Agency for Cybersecurity (ENISA), Ireland’s unique position within Europe as a tech hub heightens its risk of being targeted by “highly organised” and sophisticated criminals that are “motivated purely by greed” and “ruthless in the execution of their goals”.
Honan argues that because Ireland is home to the European headquarters of so many multinationals – and its high concentration of cloud providers – it could become an “unwitting target” for hostile nation states targeting those companies or their host countries.
“As an island, we are highly dependent on international data connections, many of these are undersea cables and could be targeted by physical attacks resulting in disruption in our international communications,” he added.
To tackle some of these concerns, the latest NCSC report suggests the Government strengthens legislative provisions to ensure essential service providers embed appropriate security measures. The report also recommends that the Government develop a framework for managing strategic supply chain dependency risks, and urges the Government to establish a central register of all essential and important entities in the state.
“Of particular note in this assessment is the recognition that systemic risks could have significant impact beyond the initial compromise which reflects the increasing dependency organisations have on third-party suppliers,” said Honan.
“It is also welcome to see the recognition that new technologies such as IoT devices and AI can pose risks outside of those normally considered as cyber risks.”
So, what’s next? One statistic that stands out, according to Honan, is that while executives in many surveyed organisations have “a large level of awareness” around cybersecurity, more than one in five “do not implement baseline security standards or best practices to fulfil their requirements”.
“[There needs to be a] focus on using regulatory and legal frameworks to ensure that all key providers take the appropriate measures to secure themselves and their supply chain,” he explained.
“This in turn will have a wider impact than just the proposed regulated entities as a sharper focus will now be put on these entities’ supply chains and will encourage many organisations to take cybersecurity more seriously.”
Earlier today, Google published research conducted by iReach Insights which found that while most Irish SMEs agree that having a secure online presence is a priority, only 20pc are very aware of the specific measures or tools required to protect their data and digital assets.
Less than half of SMEs require employees to periodically change passwords or take regular or annual security awareness training, while only around one in four have an incident response plan in case of a cyberattack.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.