‘A virus was once a minor disruption. Now no company is safe from cyberattacks’

When future historians record the seismic events of 2020 and ‘21 in Ireland, two words will stand out above all others — Covid-19 and cybercrime. The former due to the pandemic that swept across the globe, and the latter resulting from the massive attack on the HSE at a time of greatest vulnerability.

While cybercrime has long been an unfortunate reality of modern global commerce, the onslaught upon the Irish health system succeeded in highlighting how potentially destructive this criminal activity can really be.

“I have been working with business owners in the SME sector for 20 years, and at that time a virus was just seen as an annoyance or something that might cause a minor disruption to a business,” Kevin O’Regan, director Radius Technologies, says of his extensive experience in this sector.

Kevin O'Regan: Director Radius Technologies Picture: Michael O'Sullivan /OSM PHOTO
Kevin O’Regan: Director Radius Technologies Picture: Michael O’Sullivan /OSM PHOTO

“In recent years, the complexity of cyberattacks on the SME sector has increased, and the frequency of these attacks has also increased.”

As a result of this new reality, Radius Technologies, which has offices in Cork Waterford and Dublin, has totally re-designed its service offering to combat the current cyberattacks being witnessed across all industries, and providing annual cyber security assessments to identify and resolve potential weaknesses and implementing disaster recovery solutions.

Whether you are a sole trader or you are responsible for the management of a larger SME, it is important to protect your business and ensure you have a tested disaster recovery plan if something does go wrong.

The HSE attack has been a watershed moment for Irish business owners, he believes: “There is a realisation that cybercrime is a very serious threat to their business, regardless of size, and it must be mitigated against.”

Any historic inertia in taking cyberattack seriously is changing fast. 

“I would strongly urge all business owners to complete a detailed review of their cyber security risks and mitigate against them. It is important that you take preventative steps before you find your organisation falling victim to such an attack,” Kevin advises.

The not for profit organisation, [email protected], one of Ireland’s most established and connected technology clusters representing over 200 companies in the South West, recently appointed Kevin as a board member.

Occupying positions in both ownership and leadership, his wealth of experience within the sector will be an asset to the board in enhancing performance and strategic direction.

Looking to the future, Kevin does predict a business landscape where the spectre of cybercrime will be become ever more prevalent and sophisticated: “It is happening right now, and I don’t expect it to change. The attacks that are being launched include sophisticated surveillance of email traffic, intelligence gathering with the objective of orchestrating a fraudulent payment and encryption of data and back-ups in order to extract a ransom payment.”

All cyberattacks are very serious, but by far the most serious are ransomware attacks which can take a business down permanently.

“If a business was to lose a percentage of its cash reserve, that would be viewed as a serious matter.  However, if a business loses all the data they require to provide delivery of their service/product, this can fundamentally affect the functionality of a business.

He stresses that the single biggest weakness when it comes to cybercrime are the employees within a company: “Emails designed to trick employees into completing specific tasks can be very effective, and staff awareness is key when it comes to protecting organisations against these types of cyber-attacks.”

Training and awareness

Implementing ongoing training and awareness programs for all staff will minimise risks. 

“For example, we provide simulated phishing email campaigns for our clients to test and provide feedback to employees on how to recognise a phishing email. Although a serious matter, it can be a fun competition in a company on a weekly basis to see who the boss will catch out this week.”

Radius Technologies find that this type of campaign really works in increasing awareness around the type of emails you may receive. 

“On a more serious note, I am aware of some multinational companies that will commence disciplinary actions against employees who continually and repeatedly fail to identify emails that are part of these programs, so it is important to know the signs.”

Regardless of the economic conditions of a country, any business can fall victim to a cyberattack. 

“These sophisticated hackers look for systems that can be infiltrated, regardless of their locations worldwide. For this reason, it is important that businesses of all sizes are aware that they could be at risk of cyberattacks,” he says.

Moving organisations and companies to the cloud, regardless of sector or size, does offer significantly increased protection. 

“When we consider an on-premise IT infrastructure, the business owner has to protect against all types of risk and threats. This will include physical security, theft, fire, flood, rogue employees, equipment failure, connectivity failure and cyber-attack.

“When you move your computer activity to a private managed cloud service similar to what we provide to our clients, all these risks are 100% managed by us providing a greater sense of security for business owners.”

City targets

Over the last decade, Cork and its southern hinterland has proven an attractive magnet for an increasing number of cyber security companies — a sector Kevin predicts will continue to grow further.

“Like many other major cities, Cork has evolved into quite a hub for cyber security companies. Based on the increase in cyberattacks, I would expect the growth in this sector to continue, with more companies emerging over the coming years and an increased focus on services such as cloud solutions, AI and dark web monitoring.”

Kevin does, however, underline the need for businesses to choose a provider that meets their specific requirements, size and business type, and which can be trusted to ensure company data is secure. Careers in cyber security are a very viable opportunity in 2021, with third level colleges having developed programmes in recent years that will allow for graduates to enter the industry.

“The most sought-after qualifications come after a number of years working in the sector. One of the most globally recognised qualifications is the CISSP certifications can only be accredited to individuals with 10 years experience in the cyber security sector.”

In conclusion, Kevin offers a number of practical tips on basic cybersecurity options all companies should employ:

  • Ensure that your employees are educated on what a cyber-attack can present by holding phishing simulation training. It is also important that two-factor authentication is activated across all critical business applications.
  • Carry out a cybersecurity review on your IT systems to identify any potential areas of concern where hackers may gain access.
  • Invest in malware protection products and consider investing in behavioural-based malware protection to protect against ‘Zero Day’ attacks.
  • Make sure you have a robust backup and disaster recovery plan in place and that it is regularly tested. All IT systems should be locked down, patched and managed securely.
  • Finally, go through a cyber essentials certification and get your business certified.

Source link

Sign up for our daily Cyber Security Analysis and Threat Intelligence news.