Category: Cybersecurity

Ireland’s First Cybersecurity Apprenticeship for Local Government Launched

Local authorities are boosting their cyber-security systems with the official launch of Ireland’s first tailored IT apprenticeship programme for county and city councils.

Ten local authorities across Ireland have joined the initiative, which aims to equip staff with the skills and expertise to protect local government networks and data from cyber-attacks.

The Cybersecurity Apprenticeship Programme, which allows employees to train while they work, was officially launched by Minister of State at the Department of Further and Higher Education, Research, Innovation and Science, Marian Harkin and Minister of State at the Department of Housing, Local Government and Heritage, John Cummins in Dundalk, Co Louth. Representatives from the Local Government Management Agency (LGMA), which has collaborated with FIT (Fastrack into Information Technology) to deliver the programme, also attended the launch.

The scheme features a 70:30 split between workplace learning and off-the-job training. This means the participants are applying the most up-to-date theoretical knowledge to IT practice in local authorities.

When completed, the programme will equip participants with the skills and knowledge to work in cybersecurity roles within the local government sector, and they will receive an Advanced Certificate in Cybersecurity (NFQ Level 6).

The first cohort of 14 participants began in June, serving their apprenticeships in 10 local authorities and the LGMA.

Minister Harkin said the programme opens doors for new talent but also empowers local government’s existing workforce.

“This apprenticeship is a powerful example of how targeted education and training can support the evolving needs of our public sector,” she said.

“By investing in both new talent and upskilling existing staff, we are not only strengthening cyber resilience within local government, but also building a future-ready workforce equipped to meet the challenges of a digital society. In addition, this programme supports a number of Government priorities, including growing the number of apprentices within the Public Service.

Minister Cummins added: “The Government is committed to expanding apprenticeship and traineeship numbers on a sectoral basis alongside established primary recruitment processes. Today marks an important step in building cyber resilience within local government.

“As global vulnerabilities continue to rise in threatening the security of our IT systems, this pioneering programme showcases the dedication of public servants in safeguarding our communities through stronger cyber resilience. This programme demonstrates the commitment of the local government sector to achieve the targets set out in the Public Service Apprenticeship Plan to provide programmes that offer a route to qualifications and careers in a range of diverse areas and to establish the sector as an employer of choice by attracting, retaining and developing its staff.”

Training takes place online and in person in the Advanced Manufacturing Training Centre of Excellence in Dundalk, where the launch took place.

This initiative supports key goals outlined in the Local Government Digital and ICT Strategy 2030 and the Action Plan for Apprenticeship 2021–2025, contributing to the development of a skilled digital workforce in the local government sector.

The training programme is being delivered by FIT. CEO Peter Davitt said: “We are proud to launch Ireland’s first workforce development apprenticeship for local government.

“By embracing tech apprenticeships, this model proactively addresses the challenge of skills obsolescence in today’s fast-evolving digital landscape, ensuring that public sector digital services remain robust, secure, and future-ready for the benefit of communities nationwide.”

Chief Executive Officer of the LGMA, Pauline Mulligan added: “Upskilling current local authority employees is central to our digital transformation strategy, ensuring that they are equipped with the expertise needed to safeguard public services in an increasingly complex cyber landscape.

“This initiative reflects our commitment to inclusive growth, innovation, and excellence in public service.”

Director of LMETB’s Advanced Manufacturing Training Centre of Excellence (AMTCE), Gerard Smith said: “This programme is just one of a wide range of training initiatives AMTCE provides to companies and employees in the cybersecurity space. From foundational awareness to advanced threat detection, our goal is to equip the workforce with the practical skills needed to protect critical infrastructure. Our state-of-the-art Training Security Operations Centre (SOC) enables us to simulate real-world cyber scenarios, ensuring learners are prepared for the threats they’ll face on the ground.”

Click to access the Local Government Digital and ICT Strategy 2030 and the Action Plan for Apprenticeship 2021–2025

Which Businesses Need Cybersecurity the Most? A Sector-by-Sector Guide

Cyberattacks are no longer rare events – they’re an everyday threat, and the cost of each breach is climbing fast. In the UK alone, over 38% of small businesses reported being targeted by a cyberattack in the past year, with many facing significant financial and reputational damage. At Support Tree, we’ve seen firsthand how vulnerable organizations can be when cybersecurity isn’t a priority. In this article, we’ll explore which industries are most at risk, why they’re targeted, and what steps businesses can take to protect themselves.

Why Cybersecurity Matters for Every Business?

Cybercrime isn’t reserved for big corporations with vast databases and deep pockets. Small and medium-sized businesses (SMBs) are often prime targets because hackers know their defences are usually weaker, and a single breach can cause devastating consequences.

Criminals don’t discriminate by size; they look for opportunity. For many SMBs, that opportunity comes in the form of outdated software, untrained staff, or a lack of robust security measures. The result? Cyberattacks can halt operations, drain bank accounts, and damage hard-earned reputations.

Some of the most common threats include:

  • Phishing – fraudulent emails or messages designed to trick employees into revealing passwords or payment details.
  • Ransomware – malicious software that locks you out of your systems until a ransom is paid.
  • Insider threats – intentional or accidental data leaks caused by staff or contractors.
  • Data breaches – unauthorized access to sensitive customer, financial, or intellectual property data.

The truth is simple: in today’s digital landscape, every business is a potential target. Taking action before a threat materializes is not just smart — it’s essential for survival.

High-Risk Sectors for Cyberattacks

Some industries are targeted more aggressively than others because of the type of data they hold, the financial reward for criminals, or the potential disruption an attack can cause. While no sector is immune, understanding where the highest risks lie can help businesses prioritize their defences.

Sector Why They’re Targeted Examples of Attacks Compliance / Key Risks
Financial Services Direct access to money and high-value personal data. Data breaches at banks, fintech platform hacks, and insurance fraud cases. PCI-DSS for payment security, FCA guidelines for financial conduct.
Healthcare Patient data is highly valuable on the black market. NHS ransomware incidents, private clinic data leaks. Loss of patient trust, disruption to critical services.
E-Commerce & Retail Payment card theft and account takeovers. Online store breaches, fraudulent transactions. Risks peak during major sales events like Black Friday.
Manufacturing & Supply Chains Ransomware can halt production and operations. Cyberattacks on suppliers are causing production delays. Industrial espionage, theft of trade secrets.
Professional Services Store sensitive client and financial data. Law firm data leaks, insider data theft. Insider threat risk, professional reputation damage.

Businesses operating in these sectors cannot afford to take cybersecurity lightly. The combination of high-value data, financial incentives for attackers, and regulatory pressure means prevention is far more cost-effective than recovery.

Overlooked but Vulnerable Sectors

When people think of cyberattacks, they often picture large corporations, banks, or hospitals. But some of the most vulnerable targets are in sectors that don’t make the headlines. These industries can be easier prey for cybercriminals because they often lack the same level of security resources as bigger players.

Here are a few examples where risk is high but awareness is low:

  1. Charities & Nonprofits
    • Why at risk: Often run on tight budgets with limited IT investment.
    • Typical threats: Phishing emails aimed at staff and volunteers, breaches of donor databases, and ransomware disrupting fundraising events.
    • Impact: Loss of donor trust, reputational harm, and reduced ability to operate.
  2. Education
    • Why at risk: Schools, colleges, and universities hold vast amounts of personal data on students, parents, and staff.
    • Typical threats: Ransomware shutting down systems, leaks of student records, and phishing attacks on staff.
    • Impact: Disruption to learning, safeguarding concerns, and compliance breaches.
  3. Hospitality
    • Why at risk: Booking platforms and payment systems store valuable customer and financial data.
    • Typical threats: Point-of-sale (POS) system hacks, booking system breaches, and card data theft.
    • Impact: Loss of customer confidence, direct financial loss, and damage to brand reputation.
  4. Local Government
    • Why at risk: Councils and local authorities manage critical public services and store sensitive citizen records.
    • Typical threats: Ransomware attacks causing service shutdowns, breaches of public databases, and phishing targeting officials.
    • Impact: Public service disruption, political fallout, and exposure of personal data.

The common thread across these sectors is the assumption of low risk a dangerous mindset that makes them attractive to attackers. Even with smaller budgets, implementing basic cybersecurity measures can dramatically reduce exposure.

Consequences of Poor Cybersecurity

Failing to protect your systems and data can have far-reaching effects, often more damaging than the initial attack itself. Understanding these consequences is the first step in appreciating why prevention must be a business priority.

  1. Financial Loss
    • Direct costs: ransom payments, fraud, stolen funds.
    • Indirect costs: legal fees, system recovery, and hiring specialists to repair the damage.
    • Example: A ransomware demand might be £50,000, but the true recovery bill can run into the hundreds of thousands once lost revenue is considered.
  2. Legal Penalties
    • Non-compliance with regulations like GDPR, PCI-DSS, or sector-specific rules can lead to hefty fines.
    • Example: Data breaches involving personal information can result in penalties up to 4% of annual global turnover under GDPR.
  3. Reputational Damage
    • Customers lose trust when their data is compromised.
    • Negative media coverage can harm a brand’s image for years.
    • Example: Studies show that up to 60% of small businesses close within six months of a major breach due to lost customer confidence.
  4. Operational Downtime
    • Cyberattacks can bring daily operations to a standstill.
    • Example: Manufacturing firms hit by ransomware have had to halt production for days or even weeks, leading to missed orders and broken contracts.

The reality is that the cost of prevention is far lower than the cost of recovery. Every business, regardless of size or sector, should view cybersecurity as a fundamental part of its risk management strategy.

Essential Cybersecurity Measures for All Businesses

No matter the size or industry, every organization can take practical steps to strengthen its defences. These measures don’t require a massive budget, but they do require consistency and commitment.

  1. Implement Strong Password Policies
    • Require complex, unique passwords for all accounts.
    • Enforce regular password changes and ban password reuse.
  2. Use Multi-Factor Authentication (MFA)
    • Add an extra layer of security to logins, even if passwords are stolen.
    • Prioritize MFA for email, banking, and administrative systems.
  3. Regularly Back Up Data
    • Store backups securely, offline or in a protected cloud environment.
    • Test backups periodically to ensure they can be restored quickly.
  4. Train Employees on Cybersecurity Awareness
    • Provide regular training on spotting phishing emails, social engineering tactics, and safe internet use.
    • Encourage a “stop and check” culture before clicking links or opening attachments.
  5. Secure Endpoints and Networks
    • Use antivirus, anti-malware, and firewalls on all devices.
    • Keep all software and systems updated with the latest security patches.
  6. Control Access to Sensitive Data
    • Restrict permissions so employees only access what they need.
    • Monitor and review access rights regularly.
  7. Consider Cyber Insurance
    • Provides a financial safety net in case of a breach.
    • May also include access to rapid incident response services.

 

Cybersecurity is not a one-time project but an ongoing process. By embedding these practices into daily operations, businesses can significantly reduce the likelihood of becoming a target and be better prepared to respond if an attack does occur.

Cybersecurity is no longer an optional extra – it’s a core part of doing business in the digital age. Whether you’re running a financial institution, a local charity, or a growing e-commerce store, the risks are real, and the consequences of inaction can be devastating.

The good news is that you don’t have to tackle these challenges alone. At Support Tree, we help businesses of all sizes assess their vulnerabilities, strengthen their defences, and respond effectively to incidents. The earlier you act, the more control you have over your security and your future.

Don’t wait for a cyberattack to force your hand. Start by reviewing your current protections today, train your team, and put robust safeguards in place. Your customers, your reputation, and your bottom line depend on it.

ESET Ireland Warns of First AI-Powered Ransomware Threat

Cybersecurity company ESET has uncovered the world’s first known case of artificial intelligence-powered ransomware, marking what experts describe as a new era in cybercrime.

The malware, dubbed PromptLock, utilises AI to adapt and disguise itself, making it more difficult to detect and defend against. ESET Ireland has warned that Irish businesses and public bodies must take this as a serious wake-up call, given the country’s record as a target for major cyberattacks.

George Foley of ESET Ireland commented, “AI has now joined the cybercriminal’s toolkit. Ireland cannot afford to be complacent; we’ve seen the impact ransomware can have on health services and businesses. This development makes attacks faster, smarter, and more damaging.”

Ransomware attacks are estimated to have cost Irish businesses tens of millions of euros in recent years, with the 2021 HSE attack still fresh in public memory. ESET is urging organisations to strengthen defences, train staff, and maintain offline backups as core protections.

For more information, visit www.eset.ie

Ekco Launches All-in-One, Enterprise-Grade Cybersecurity Offering to Protect Irish SMBs

Ekco, one of Europe’s leading security-first managed service providers (MSP), has today launched Cyber Defence Complete in Ireland – an all-in-one cybersecurity service that gives small and mid-sized businesses (SMBs) enterprise-grade cybersecurity protection without complexity.

The number of attempted and successful cyberattacks is ever increasing and SMBs are attractive targets for attackers as, unlike larger organisations, they often lack the resources to recruit specialist in-house 24-7 cybersecurity teams. Cyber Defence Complete from Ekco integrates essential security coverage from leading vendors including Microsoft, CrowdStrike, and Recorded Future into a unified, streamlined solution.

Built on CREST-accredited methodologies, it equips SMBs with comprehensive defensive capabilities – from visibility and detection to active defence – without requiring significant infrastructure changes. By simplifying cybersecurity complexity and uncertainty, Cyber Defence Complete provides businesses with a proactive advantage against threats, along with seamless access to world-class technologies and expert guidance in one cohesive service.

Ekco’s Cyber Defence Complete package includes 24×7×365 Managed Extended Detection and Response (MXDR) monitoring, incident response, threat intelligence, and Security Information and Event Management (SIEM), ensuring SMBs are protected around the clock and offering peace of mind. It will be offered through flexible, tiered models designed to scale with businesses as they grow and mature.

Lee Driver, Director of Cybersecurity at Ekco, said: “Small and medium-sized businesses face diverse cybersecurity challenges, and in today’s threat landscape, fast, decisive action is critical. This is why we’ve launched Cyber Defence Complete – a comprehensive solution that removes uncertainty and complexity from cybersecurity for SMBs. Right from the outset, our package establishes a robust defensive foundation, encompassing threat detection, active monitoring, rapid incident response, and mitigation capabilities.

“Our flexible, tiered approach ensures businesses receive exactly the level of protection they need, scaling seamlessly as they expand and mature. With Cyber Defence Complete, we’re committed to levelling the cybersecurity playing field, empowering SMBs with enterprise-grade defence underpinned by expert support, so they can confidently focus on growing their businesses without the fear of cyber threats.”

Cyber Defence Complete is available in two tailored packages to meet diverse business needs:

  • Standard: Offers a comprehensive suite of defensive capabilities, enabling businesses to adopt a proactive stance against cyber threats.
  • Premium: Includes all features of the Standard package, with additional enhancements aimed at achieving robust cyber resilience.

This tiered approach ensures that SMBs can access enterprise-grade security solutions that align with their growth stage and budget, providing cost-effective access to world-class security expertise without the need for significant in-house investment.

To learn more about Ekco’s new Cyber Defence Complete, please visit here.

Four in ten Irish businesses have suffered a cyber-attack in the last five years

Four in ten (40%) Irish businesses have suffered at least one cyber-attack in the last five years, with companies facing financial loss as a result.

Research from insurance broker and risk management company Gallagher in Ireland has revealed that more than one in eight (88%) Irish businesses have suffered financial loss and commercial disruption due to a cyber-attack in the last five years.

Gallagher commissioned a survey of 300 business decision makers across the UK & Ireland, 100 of whom are based in Ireland.

Businesses that have experienced a cyber-attack in the last five years reported additional consequences as a result including:

  • the loss of intellectual property (26%)
  • supply chain disruption (23%)
  • reputational damage (23%)
  • ransom payment demands (20%)

Laura Vickers, Director, Gallagher in Ireland spoke of the findings,

Given what we can see from the widespread impact of cybercrime, it is unsurprising that almost every Irish business leader we asked (93pc) said they are concerned about the rise in cyber-crime and the potential impact it could have on their company”.

The Top 3 in Corporate Cybercrime

  • Cyber extortion, whereby cyber criminals threaten to harm a business or steal sensitive information unless a sum of money is paid, was the most common type of attack carried out on Irish businesses, with 37% saying they had been targeted.
  • Phishing attacks, where individuals are tricked into following a malicious link or downloading an infected email attachment, was the second most common attack with 31% suffering this type of incident in the last five years.
  • Followed by what is termed “Man-in-the-Middle (MiTM) attacks”, where the perpetrator intercepts and alters communication between two parties without their knowledge – 23pc of business leaders said their organisation had fallen foul of this.

In Ireland the Gallagher report reveals that large businesses, those with annual turnover exceeding £10m, have been particularly vulnerable, with 57% experiencing cyber-attacks during this period. Mid-sized companies also show substantial exposure, with 39% reporting attacks. Comparatively, smaller businesses have been less frequently targeted, with only 9% experiencing attacks.

Prepare and Respond

Despite the increasing risk of cyber-attacks, 90% of Irish business leaders express confidence in their ability to recover quickly. This optimism may stem from the fact that 94% of businesses have a cyber insurance policy, with 89% confirming their coverage includes risk management, including vulnerability scans and threat monitoring,to mitigate potential threats.

However, the Gallagher survey also highlights areas of concern within Irish business

  • Just 39% of companies provide cybersecurity training for staff, leaving many employees susceptible to phishing and malware attacks.
  • Only 41% conduct regular system vulnerability scans, increasing the risk of undetected weaknesses being exploited by cybercriminals.
  • Less than half (48%) have multifactor authentication (MFA) in place for remote workers, potentially exposing their systems to unauthorized access.
  • Only 42% of business decision-makers are aware that reporting a cyber-attack to the National Cyber Security Centre (NCSC) is a legal requirement. Failure to comply could result in fines of up to €10 million or 2% of global turnover.

Ms. Vickers went on to comment,

“While it’s encouraging to see businesses investing in cyber insurance and risk management, security measures must go beyond just financial protection. Many businesses are still vulnerable due to gaps in employee training, system monitoring, and access controls. Cyber threats are evolving rapidly, and companies that fail to strengthen their security posture risk serious financial and reputational damage.

Equally concerning is the lack of awareness around reporting obligations. Failure to report an attack could lead to significant fines, compounding the financial losses from a breach. Businesses must take a proactive approach, not just in purchasing insurance, but in implementing robust cybersecurity practices and ensuring compliance with legal requirements.”

One in Three Irish Households Experience Cybercrime

Kyndryl the world’s largest IT infrastructure services provider, today published new research highlighting escalating threats from cyberattacks and scams to Irish households. The findings offer an in-depth perspective on cybersecurity readiness, habits and vulnerabilities among individuals in Ireland, highlighting a lack of basic cybersecurity precautions and awareness, which include:

  • One in five (20%) respondents reported directly experiencing a cyberattack or online fraud in the past year.
  • An additional 15% reported attacks within their household. In total, more than one in three (36%) Irish households have experienced cybercrime over the last 12 months.
  • Almost half (48%) of respondents reuse the same password across multiple sites.
  • More than a quarter (26%) acknowledge using public Wi-Fi for sensitive activities like banking and online shopping, exposing themselves to attacks.

“While businesses are grappling with the complexities of maintaining future-ready IT infrastructure, as highlighted in our recent Kyndryl Readiness Report, the same principles apply to consumers: effective cybersecurity starts with people,” said Chris Davis, Managing Director, Kyndryl Ireland. “Cybersecurity readiness isn’t just about having the latest tools – it’s about fostering awareness and proactive behaviours among individuals. Increasing public awareness and education is crucial to help individuals protect themselves in an ever-evolving digital environment. At Kyndryl, we believe that a collaborative effort involving government, businesses, and educational institutions is essential to fostering a more secure digital society, and we’re committed to supporting that mission.”

The new research was conducted by 3Gem Research and Insights and builds on findings of organizational readiness that Kyndryl recently published in its inaugural Readiness Report.

Cyber threat concerns are pervasive

Cybersecurity worries are widespread, with 73% of respondents most concerned about personal devices being hacked, such as smartphones and laptops. The second biggest concern is online scams (68%), followed by identity theft (58%). Nearly half (48%) fear sensitive information being leaked through data breaches, while 28% express anxiety over ransomware attacks.

Young adults most at risk of cyber fraud

Almost one in five (21%) individuals experienced a cyberattack or online fraud attempt in the last year, with an additional 15% reporting that a household member had been targeted.

Young adults, particularly those aged 25-34, appear to be the most vulnerable, with 29% having been directly targeted by cybercriminals. This figure drops to 19% for those aged 45-54, and just 11% for individuals aged 65 and above.

Poor password practices still prevalent
Password reuse remains a major security risk, with 48% of respondents stating they use the same password across multiple accounts – a habit that significantly increases vulnerability to cyberattacks. This risky behaviour is most prevalent among 18-24 year-olds (57%), compared to 36% of those aged 65+.

Alarmingly, 41% of respondents say they rely on memory to store their passwords, making it less likely they use strong, complex alphanumeric combinations. Reliance on memory increases with age, from 37% of 18-24 year-olds to 50% of 55-64 year-olds.

Only 24% of respondents use a password manager, considered one of the safest ways to store and generate strong passwords. Meanwhile, 17% write their passwords on paper, 12% rely on browser auto-fill, and 4% admit to using the same password for all accounts.

Risky online behaviour still common
Risky online practices remain widespread, with 26% of respondents admitting to using public Wi-Fi for online banking or shopping – leaving them exposed to potential attacks. This behaviour is particularly prevalent among younger age groups, with 41% of 18-24 year olds and 35% of 25-34 year olds engaging in this high-risk activity.

Additionally, 18% of respondents opt out of using Two-Factor Authentication (2FA), a highly effective method for securing online accounts. Among younger respondents, the figure rises to 23% of 18-24 year olds and 24% of 35-44 year olds.

Consumers have little tolerance for data breaches

Consumers expect high standards of data protection from service providers. If a breach occurred, 74% of respondents said they would be likely to stop using a financial service, such as a bank or insurance provider, while 75% would do the same for social media platforms like TikTok or Instagram.

Slightly more lenient attitudes were noted for other services: 70% would be likely to stop using a retailer, 69% an email provider, and 64% a gaming service following a breach.

Public is divided on responsibility for cybersecurity education

When asked who should take the lead in educating the public about cybersecurity, 35% of respondents believed that this was the responsibility of the National Cyber Security Centre (NCSC), the body formally responsible for Ireland’s cybersecurity. Schools were the second-most popular choice, with 19% believing they should bear primary responsibility.

Meanwhile, only 12% of respondents feel employers should play a leading role, and just 7% believe universities should be primarily responsible for cybersecurity education.

New research highlights crucial cybersecurity gaps in education sector

New research highlights the need for ongoing concern for the UK education sector’s cybersecurity posture in the light of a growing threat landscape. ESET ‘s findings reveal that nearly three-quarters (73%) of institutions surveyed have experienced at least one cyber-attack or breach in the past five years, with a fifth reporting three or more incidents. This aligns with government data from 2024, which found that 77% of education organisations had experienced a breach or attack in the previous year – far higher than the 50% of UK businesses overall that had been targeted.
Despite being a key target for cyber threats, one-third of education institutions surveyed still lack fundamental protections, such as antivirus software (33%) and strong password policies (35%2). Additionally, the majority (79%) have not adopted advanced measures like managed detection and response.
Another key but often overlooked safeguard is cyber insurance, which, according to government data, under half of primary schools (44%) and even fewer secondary schools (36%) report having in place. In fact, the ESET findings reveal that 7% of institutions operate without an annual cybersecurity budget at all.
This cybersecurity shortfall not only jeopardises organisational data but puts sensitive student information at risk. As cybercriminals increasingly target educational institutions, students’ personal and academic data remain highly vulnerable to theft or misuse. Compounding the issue, one in five (21%) education organisations surveyed admit they feel unprepared / not confident to tackle the rising tide of AI-driven cyber threats.
When asked about the main reasons why they wouldn’t take out a cyber insurance policy, many stated that they prefer to prioritise the budgets they have for cybersecurity measures (37%). Others cited concerns about payout reliability (33%) and complex or unclear policy terms (32%). Meanwhile, 28% believe cyber insurance is too expensive, while 18% revealed they simply don’t understand its value.
Top threats persist
These revelations all come at a time when education organisations continue to battle familiar foes, with data breaches (61%), malware (55%) and phishing (43%) topping their list of concerns. While three-quarters (76%) of education organisations surveyed believe their staff have excellent or good knowledge and awareness of cyber security best practices and online safety, over  half still plan to prioritise increasing staff awareness and training and expanding their cyber security tools or software over the next 12 months (55% and 51% respectively).
The case for managed support
Over three-quarters (77%) believe their institutions would benefit from enhanced cyber security measures with managed support from an external, specialist cyber security provider. However, nearly half (47%) of education organisations surveyed said they would need evidence of a cyber-attack’s potential detrimental and financial impact on their institution to help convince their finance department to approve a larger cybersecurity budget.
Jake Moore, Global Cybersecurity Advisor at ESET, commented: “Education organisations are sitting on a ticking time bomb. While it’s clear that the sector recognises the critical importance of cybersecurity, there is a huge disconnect between budget allocation, lack of insurance and its misconceptions, and inadequate measures, which is leaving institutions highly vulnerable. A comprehensive strategy that includes both cutting-edge security tools, like managed detection and response, and appropriate insurance coverage, is essential to protect against potentially devastating financial and operational impacts.
“These findings underscore the urgent need for education organisations to adopt a more robust and integrated approach to cybersecurity. Institutions can better safeguard their operations, staff and students, by increasing investment, educating stakeholders, implementing advanced solutions, enhancing training, and collaborating with specialised providers.”

Cybersecurity Challenges in Irish Online Gambling: Navigating a Complex Landscape

As the online gambling industry in Ireland continues to expand, so do the challenges associated with ensuring cybersecurity. This vibrant sector, fuelled by technological advancements and changing consumer preferences, faces a myriad of threats and regulatory hurdles aimed at safeguarding both operators and players. With the advent of new technologies and the increasing sophistication of cyber threats, the stakes have never been higher for ensuring robust cybersecurity measures are in place.

Evolving Regulatory Landscape

As mentioned earlier, online gambling in Ireland is popular, and the recent introduction of the Gambling Regulation Bill marks a significant shift in the country’s approach to the activity. This legislation emphasizes the importance of data protection and consumer safety, requiring operators to adapt swiftly to new cybersecurity requirements. In particular, the bill places a strong emphasis on the need for online gambling platforms to implement advanced security protocols to protect sensitive user data. This includes both personal information and financial transactions, which are prime targets for cybercriminals.

The regulatory landscape is further complicated by the need for compliance with international standards, such as the General Data Protection Regulation (GDPR). This European Union regulation requires companies to ensure the protection of personal data and privacy, adding an additional layer of complexity for online gambling operators in Ireland. Compliance is not just a legal obligation but also a critical component in maintaining consumer trust.

Cybersecurity Threats on the Rise

The online gambling sector is facing an increasing wave of cyber threats. Among the most common are Distributed Denial of Service (DDoS) attacks, which can cripple a website by overwhelming it with traffic. Account takeovers are another significant threat, where hackers gain access to user accounts, potentially leading to financial loss and identity theft. SQL injection attacks, which involve inserting malicious code into a database query, can also compromise user data.

The impact of these threats is not merely theoretical. Past data breaches in the sector have highlighted the severe repercussions for both operators and players. For operators, a breach can result in financial losses, legal liabilities, and reputational damage. For players, the consequences can be equally dire, undermining their trust in online platforms and deterring them from engaging with online gambling services in the future.

Harnessing Technological Innovations

To combat these threats, the industry is increasingly turning to technological innovations. The use of AI and blockchain technologies is being explored to enhance security measures. AI can help detect and respond to threats in real-time, offering a dynamic defence against cyber attacks. Blockchain technology offers numerous benefits; its decentralized and transparent nature ensures secure transaction records that are highly resistant to tampering. However, these technologies are not without their challenges. AI systems require large amounts of data to function effectively, raising concerns about privacy and data protection. Blockchain, while inherently secure, is not immune to vulnerabilities and requires careful implementation and management.

The Role of Player Protection Measures

Consumer protection regulations are at the forefront of the new gambling rules, requiring operators to implement measures against fraud and identity theft. This includes the secure handling of personal information and financial transactions. Operators are also required to install sophisticated monitoring systems that track player behaviour, identifying signs of problematic gambling. These systems must balance the need for user privacy with the need for intervention, ensuring that players are protected without infringing on their rights.

Industry Response and Future Outlook

The response from online gambling operators has been proactive. Many have invested in specialized IT teams and advanced security software to bolster their defences against cyber threats. Collaboration with cybersecurity firms is becoming increasingly common, facilitating the sharing of threat intelligence and best practices. These partnerships allow operators to stay ahead of emerging threats and ensure their platforms are secure.

Looking ahead, the future of cybersecurity in the Irish online gambling industry will likely be shaped by ongoing regulatory changes, technological advancements, and the evolving threat landscape. As global standards influence local practices, operators must remain vigilant and adaptable to maintain the trust and security of their users. The dynamic nature of the online gambling industry in Ireland challenges operators to not only comply with regulations but also stay ahead of cyber threats. As the sector grows, so too must the commitment to robust cybersecurity measures, ensuring a safe and secure environment for all involved.

In conclusion, the cybersecurity challenges faced by the Irish online gambling industry are multi-faceted and complex. They require a concerted effort from regulators, operators, and technology providers to ensure that the sector remains secure and trustworthy. As the industry continues to evolve, the focus must remain on protecting both operators and players from the ever-present threat of cybercrime.

Cybersecurity experts show biggest scam threats for 2025

Smarter, faster, and more sophisticated scams are coming. Thanks to AI, scammers are more efficient than ever, stealing money at record rates. Every day AI tools such as ChatGPT and OpenAI are used as scam arsenal, leading to around 13 million people in the UK to lose around £1.4bn each year.

Global scam protection leader F-Secure stays one way step ahead of cyber criminals, defending people from scams before they happen. F-Secure’s team of cybersecurity experts share the new threats the country will face in 2025:

New regulations for banks, telcos and social media companies who fail to prevent scams

Calvin Gan, Senior Manager, Scam Protection Strategy, says: “Right now lawmakers around the world are targeting telecom providers, banks, and social media companies, saying they should be held responsible when their customers fall victim to fraud. Australian lawmakers are pushing through a bill that will fine companies up to $50 million for failing to protect their customers from scams, and here, in a world first, UK bank refunds for fraud became mandatory after the Payment Systems Regulator (PSR) reduced the maximum compensation from a previous proposal of £415,000 to £85,000, covering more than 99% of claims.

“Passing new laws that empower businesses to beef up protection against scams is a welcomed move. Scam fighting is not a top-down only effort but involves everyone from governments to organisations and even individuals. Just like we’ve seen with GDPR in Europe forcing companies to take data privacy more seriously, new legislation like this would create an extra protection mechanism for consumers.

“Still, there’s no 100% guaranteed way to prevent scams from happening in the first place. People need to take precautions daily, especially on scam-prone channels like social media and messaging apps.

Cheap, easy AI tools will be deployed in sophisticated cyber attacks

Laura Kankaala, Head of Threat Intelligence: “Using AI tools for malicious purposes (like generating malicious and manipulative content) has already been evident throughout this past year. As we head into 2025, we are bound to see more sophisticated attacks that leverage everyday AI tools – like ChatGPT, ElevenLabs, or basically any AI tool that is cheap and easy to access online. The reality is that cyber criminals are abusing this readily available technology to fine-tune their scams and consumers must be better informed, whether that’s from their bank, mobile phone or another service provider, or by the cybersecurity industry to help educate consumers. We all play a part.“

“While AI companies do put restrictions on malicious usage, most of them are not very successful at it. They need to be doing more to stop the use of their platforms for nefarious purposes – it cannot only be left up to legislation to enforce boundaries for what kind of content can be generated. Bottom line, the companies developing these tools should also be held up to a higher moral standard.”

Multi-stage scams will become more prevalent 

Joel Latto, Threat Advisor, says: “Cybercriminals have long relied on social engineering, and multi-stage scams represent some of their most deceptive tactics. These schemes often involve direct interaction with victims, enhancing their believability. For instance, a scammer might call a victim claiming they’ve applied for a loan. When the victim denies it, they are “transferred” to a supposed bank representative—another scammer, probably sat next to them—who proceeds to seek sensitive banking details. Malware further elevates these schemes, rerouting legitimate customer service calls to fraudsters or tricking victims into contacting fake numbers embedded in phishing emails.

“Such scams are effective because victims believe they are speaking with genuine, helpful representatives, which makes them more susceptible under pressure. This is something we’ve seen dramatised through TV series’ such as Cold Call, which has recently rocketed up the charts on Netflix following its release five years ago. Perhaps more popular now because scams are much more commonplace, and viewers are much more likely to relate.

“Until now, the scalability of these scams was limited by the human capacity of fraudsters, who could only handle a limited number of interactions in specific languages and time zones. AI is changing this equation. With the rise of sophisticated conversational AI chatbots, scammers can now mimic real human interactions at scale, conducting conversations 24/7 across multiple languages. Coupled with realistic deepfake audio, these new call-based scams blur the line between human and machine interaction, making them far more dangerous than traditional robocalls.

“To counter these evolving threats, defenses must adapt, and mobile phone service providers must act. Blocking call-forwarding malware, detecting suspicious numbers, and developing sophisticated audio analysis tools to spot deepfakes are essential. Equally critical is educating users about the signs of scams and potential red flags. Defensive strategies must evolve as fast as attackers’ capabilities, leveraging AI-driven solutions and strong collaboration between cybersecurity experts, telecom providers, and regulatory bodies.”

High-yield, high-risk: the rise of Bitcoin investment scams on a new playing field

Sarogini Muniyandi, Senior Manager, Scam Protection Engineering, says: “Decentralised Finance (DeFi) is a new blockchain-based financial service that’s been gaining traction and acceptance over the last year. DeFi refers to financial services provided by an algorithm on a blockchain, without a financial services company. It is an alternative approach that largely operates outside the traditional centralized financial infrastructure.

“As DeFi becomes mainstream, scammers will take advantage of anyone interested in Bitcoin investment and other digital assets, especially those that are unfamiliar with the risks of blockchain-based finance. By 2025, DeFi is expected to attract even more users seeking alternatives to traditional finance. The DeFi market provides loans, interest-bearing accounts, and high-yield investments that promise substantial returns, which can entice investors of all experience levels. With the rising popularity of DeFi, the total value locked (TVL) in these projects is projected to grow, making it a prime target for fraudsters who can steal funds on a larger scale.

“DeFi platforms operate on decentralised blockchain networks, allowing users to participate without traditional identification or regulatory oversight. This open environment enables scammers to steal victims’ funds and vanish into thin air, all while remaining anonymous. By manipulating the smart contract and tools used to automate DeFi functions, the risks of stealing investor funds are at stake. Some DeFi platforms offer investors with unsustainable, extremely high-yield rates for farming Bitcoin derivatives, only for investors to later discover they can’t withdraw their Bitcoin or that the platform has disappeared with their funds.

‘While DeFi offers financial freedom and potential profits, its open, unregulated, and anonymous nature also creates a ripe environment for scams – something every Bitcoin investor needs to be aware of in 2025.”