IT.ie launches gamified cybersecurity awareness training

IT.ie, the Irish IT managed services company, today announces the launch of new gamified cybersecurity awareness training, coinciding with Cybersecurity Awareness Month, in a bid to help businesses tackle the increasing risk of cyberattacks.

The service, which keeps employees on their toes by simulating real cyberattacks, reflects a growing use of gamification by organisations globally and across multiple industries to drive user engagement and business success. A study conducted by TalentLMS found that gamification increases engagement levels during cybersecurity training by 70%.

New regulations, including NIS2 and DORA, are making businesses much more accountable for cybersecurity. Minimising the risk posed by employees will therefore help to reduce the success of attacks. This will save businesses money through decreased insurance premiums, as well as any money that may be paid as ransom.

Human error currently accounts for 90% of data breach incidents. IT.ie’s gamified solution aims to reduce that risk by creating an engaging experience which encourages employees to maintain and upskill their cyber-resistance. This is essential as hackers continue to barrage organisations and their employees with attempted attacks using methods such as phishing, social engineering, malware, ransomware, and spoofing.

IT.ie’s solution begins with a gap analysis, which identifies areas where individuals may be vulnerable and require improvement, such as awareness of phishing tactics or effective password management. The result of the analysis allows IT.ie to create a personalised training path for each user to strengthen the areas where they are weakest.

These training paths feed into Learn.IT, which involves digestible, interactive sessions designed to be engaging, allowing employees to develop their knowledge in manageable increments without significant disruption to their daily workflow.

The gamification comes into play with the Phish.IT element of the solution, which regularly targets employees with realistic phishing attempts to test their recognition, awareness, and response to threats. These simulated attempts mean that employees can get practical use out of the skills they have developed through the training.

As employees engage with the solution, this feeds into an overall company risk score. Over time, businesses and their employees can see the benefits that the training is having as their score decreases. This measurement of success also helps to create a sense of collective responsibility and a positive cybersecurity culture within organisations.

Eamon Gallagher, founder and managing director, IT.ie, said:

“Through experience, we know that the journey a business takes in developing a coherent cybersecurity strategy is not achieved overnight, and employees are the last line of defence in terms of the cyber threat landscape. Our Cyber Awareness Training & Phishing simulation platform paves the way for organisations to invest in their people so as to ensure the development of a robust and healthy cyber security culture. Our goal is to create an experience that is personalised, easily consumable and not overly disruptive from other important day-to-day tasks.”

HP Wolf Security Uncovers Evidence of Attackers Using AI to Generate Malware

HP has issued its latest Threat Insights Report revealing how attackers are using generative AI to help write malicious code. HP’s threat research team found a large and refined ChromeLoader campaign spread through malvertising that leads to professional-looking rogue PDF tools, and identified cybercriminals embedding malicious code in SVG images.

The report provides an analysis of real-world cyberattacks, helping organisations to keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape.  Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:

  • Generative AI assisting malware development in the wild: Cybercriminals are already using GenAI to create convincing phishing lures, but to date there has been limited evidence of threat actors using GenAI tools to write code. The team identified a campaign using VBScript and JavaScript believed to have been written with the help of GenAI. The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware. The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain infostealer which can record victims’ screens and keystrokes. The activity shows how GenAI is lowering the bar for cybercriminals to infect endpoints.
  • Slick malvertising campaigns leading to rogue-but-functional PDF tools: ChromeLoader campaigns are becoming bigger and increasingly polished, relying on malvertising around popular search keywords to direct victims to well-designed websites offering functional tools like PDF readers and converters. These working applications hide malicious code in an MSI file, while valid code-signing certificates bypass Windows security policies and user warnings, increasing the chance of infection. Installing these fake applications allows attackers to take over victims’ browsers and redirect searches to attacker-controlled sites.
  • This logo is a no-go – hiding malware in Scalable Vector Graphics (SVG) images: Some cybercriminals are bucking the trend by shifting from HTML files to vector images for smuggling malware. Vector images, widely used in graphic design, commonly use the XML-based SVG format. As SVGs open automatically in browsers, any embedded JavaScript code is executed as the image is viewed. While victims think they’re viewing an image, they are interacting with a complex file format that leads to multiple types of infostealer malware being installed.
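A defensive check for the SVG behaviour described in the last bullet, as an added example that is not taken from HP's report: a mail or upload filter can parse an SVG and flag active content before it ever reaches a browser. The finding labels, function name and sample files are constructed for illustration, and input is assumed to be UTF-8 or ASCII-compatible.

```python
import re
import xml.etree.ElementTree as ET

# Elements that can run or host active content inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
# URI schemes that execute code; data: is only flagged for HTML payloads,
# because embedded raster images (data:image/png;...) are common and benign.
RISKY_URI = re.compile(r"(?:javascript:|vbscript:|data:text/html)", re.I)


def _local(name: str) -> str:
    """Strip an '{namespace}' prefix and lowercase the local name."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means no active content found."""
    lowered = data.lower()
    # Refuse DTDs outright: static images do not need them, and entity
    # declarations are the vehicle for XML entity-expansion attacks.
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        return ["doctype-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not-well-formed-xml"]

    findings = []
    for el in root.iter():
        name = _local(el.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"element:{name}")
        for attr, value in el.attrib.items():
            a = _local(attr)
            if a.startswith("on"):  # onload, onclick, onbegin, ...
                findings.append(f"handler:{name}@{a}")
            elif a in URL_ATTRS:
                # Browsers ignore tabs/newlines inside a scheme, so strip
                # control characters and spaces before matching.
                cleaned = re.sub(r"[\x00-\x20]+", "", value)
                if RISKY_URI.match(cleaned):
                    findings.append(f"uri:{name}@{a}")
    return findings


# Constructed sample: a plain logo with an embedded raster image.
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    b'<circle cx="5" cy="5" r="4" fill="blue"/>'
    b'<image href="data:image/png;base64,AAAA"/></svg>'
)

# Constructed sample: same format, but carrying three kinds of active content.
ACTIVE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    b"<script>/* constructed placeholder */</script>"
    b'<a xmlns:xlink="http://www.w3.org/1999/xlink" '
    b'xlink:href="java&#9;script:void(0)"><text>open</text></a></svg>'
)

# Constructed sample: an SVG that declares an internal DTD entity.
DTD_SVG = (
    b'<!DOCTYPE svg [<!ENTITY a "b">]>'
    b'<svg xmlns="http://www.w3.org/2000/svg"/>'
)

if __name__ == "__main__":
    for label, sample in [("benign", BENIGN_SVG), ("active", ACTIVE_SVG), ("dtd", DTD_SVG)]:
        print(label, scan_svg(sample))
```

A file with any finding can be quarantined or converted to a raster image before delivery, since a static logo needs none of these features.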

Val Gabriel, Managing Director of HP Ireland, comments: 

“There has long been speculation about AI being used by attackers, but evidence has been scarce, so this finding is significant. Typically, attackers tend to obscure their intentions to avoid revealing their methods, so this behaviour indicates an AI assistant was used to help write their code. It’s cases like this that showcase that threat actors are constantly updating their methods. Instances like this one further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks. So, businesses must build resilience, closing off as many common attack routes as possible and adopt a defence in depth strategy to mitigate any risks.”

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.

The report, which examines data from calendar Q2 2024, details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools, such as:

  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners, the same as the previous quarter.
  • The top threat vectors were email attachments (61%), downloads from browsers (18%) and other infection vectors, such as removable storage (like USB thumb drives) and file shares (21%).
  • Archives were the most popular malware delivery type (39%), 26% of which were ZIP files.

HP Wolf Security runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into intrusion techniques and threat actor behaviour.

Keeping Patient Data Safe: Why Cybersecurity Is Important in Medicine

Like most areas of our society, health care has wholeheartedly embraced the boom of digital technology. Computerised equipment and ‘smart’ medical devices have revolutionised patient care, and looking back on the last twenty years, the sorts of advancements that have come about are nothing short of outstanding. 

Of course, it’s not perfect. As is the case with any infrastructure that relies heavily upon technology, there’s always the concern of cyber security. In this article, you’ll learn about the main considerations medical institutions need to make. 

On Data Breaches

Given the vast amounts of personal, sensitive data that hospitals and medical centres deal with on a daily basis, they’ve become a prime target for cybercriminals.

Whether it be stealing patient medical histories, financial records, insurance details, bank information, and more, hackers frequently seek to target hospitals for the immense value this sort of data has on the black market for use in fraud and ransom schemes. 

Thankfully, hospitals have now started to employ rigorous encryption methods to ensure patients are protected.

The Risk Involved With Medical Devices

While there wasn’t much concern even ten years ago, the leap in technological advancements seen in medical devices has become a hot topic where cybersecurity is concerned. 

More and more frequently, implantable devices and screening equipment are connected to the internet as standard; this can offer very valuable insight for researchers, but it comes at the added cost of potentially compromising cyber security. 

Aside from the obvious worrisome issue of personal data being leaked, there’s the much more serious implication of hackers being able to interfere with the actual mechanisms of these devices – a very dangerous precedent for patient safety. 

Thankfully, companies like Blue Goat Cyber exist: they work to secure medical devices from a cybersecurity perspective before they even hit the market.  

Training and Awareness in Cybersecurity


When we’re talking cybersecurity, it’s mostly all about letting the latest technology do the work. That doesn’t mean to say that human intervention isn’t crucial, however. 

Over the last several years, hospitals and medical centres have placed a huge focus on training their staff on how to safely handle sensitive and private data. This sort of training includes cyber hygiene (how to keep data organised and properly dispose of information no longer needed), how to distinguish phishing from regular email, and what steps to take for appropriate damage control in the unfortunate event that an attack does happen.

Protecting against cyber attacks in a medical setting requires tight collaboration, as it can only take one weak link to have everything fall down like a house of cards. Software and hardware, if properly maintained, are usually rock-steady, so human error represents a key area for risk mitigation.

Wrapping Up

While data breaches and cyberattacks in hospitals may be a scary prospect, with rigorous testing, thorough staff training, and the use of the latest cybersecurity software and hardware, the risks can be managed sufficiently enough that there isn’t a major cause for concern. Hopefully, you now have a better idea of how this standard can be accomplished. 

Expel Announces Expansion into Ireland with Creation of 50 Cybersecurity Jobs

Expel, the leading managed detection and response (MDR) provider, today announced plans to establish a fully remote workforce in Ireland, creating up to 50 high-skilled cybersecurity jobs over the next three years, thanks to the support of the Irish Government through IDA Ireland.

Expel’s investment is part of its ongoing expansion strategy into the EMEA (Europe, Middle East, and Africa) market and aims to tap into Ireland’s thriving technology ecosystem and skilled talent pool.

With a diverse customer base spanning industries such as aviation, technology, and professional sports, Expel’s move into Ireland marks a significant milestone in its global expansion efforts. Expel is trusted by some of the world’s most recognisable brands for their cyber security needs. The company combines world-class security practitioners and its AI-driven platform, Expel Workbench™, to provide cutting-edge visibility for cloud, hybrid, and on-premises environments.

This strategic expansion into Ireland underscores the country’s reputation as a global hub for technology and cybersecurity innovation. As Expel continues to strengthen its foothold in EMEA since its initial expansion into the market in late 2022, collaboration with IDA Ireland and this investment highlight an exciting cornerstone for the future of cybersecurity technology and the accompanying booming workforce in the region.

Emer Higgins, Minister of State for Enterprise, Trade and Employment, welcomed the announcement, saying: “We are delighted to welcome this investment in Ireland’s growing cybersecurity sector. The establishment of Expel’s remote workforce, creating 50 new high-quality jobs, demonstrates the strength of Ireland’s position as a hub for innovation and digital expertise. This commitment not only reinforces our reputation as a leader in the tech industry but also provides valuable opportunities for skilled professionals across the country. We look forward to supporting Expel’s continued success and growth in Ireland.”

Cat Starkey, Chief Technology Officer of Expel, said: “Ireland offers the rare mix of a world-class technology infrastructure, a highly talented workforce, and a cybersecurity culture that aligns with our own, making our decision to invest in growing our team there an easy one. We’re thrilled to grow our presence in Ireland, and we look forward to welcoming some of the world’s best cybersecurity professionals and engineers as Expletives.”

Michael Lohan, CEO of IDA Ireland said: “Cyber security continues to be an important cluster across Ireland, and we are a recognised destination of choice for global tech companies. Expel’s decision to establish operations here is a testament to the strength of our talent and technology ecosystem. We are delighted to welcome Expel and look forward to supporting their growth as they create new opportunities in cybersecurity, a critical industry for our economy and the wider global market.”

Building a Zero Trust Architecture: Key Considerations

Cybersecurity has become a major concern for businesses of all sizes. With the rise of sophisticated attacks, you’ve probably heard the term “Zero Trust” being thrown around. It’s not just a trend in the industry. It’s a shift in how we think about protecting our systems and data. The traditional approach, which assumed everything inside the network was safe, is no longer effective. In today’s world, threats can come from anywhere. So, instead of blindly trusting what’s inside, Zero Trust operates on the principle of “never trust, always verify.”

This article explores key considerations when building a Zero Trust architecture and how it can help protect your business in an ever-evolving threat landscape.

1. Understanding the Need for Zero Trust

In today’s threat environment, cyberattacks have become more complex. Organizations can no longer rely on the old method of building a strong perimeter and assuming everything inside is safe. The rise of insider threats and more advanced attack methods demand a more thorough approach.

One reason Zero Trust has gained so much attention is that attackers are increasingly targeting key identity systems. Common attacks on Active Directory (AD), for example, are on the rise. AD holds essential identity information, making it a high-value target for cybercriminals. Attackers often exploit weaknesses in privileged access management to breach systems. Once inside, they move laterally across the network, often gaining full control of the environment. This makes securing Active Directory critical when considering Zero Trust.

By implementing a Zero Trust model, businesses can better protect their identity systems, such as AD, by ensuring that every action, whether it’s a login or access to a resource, is verified continuously.

2. Identity and Access Management (IAM) at the Core

At the heart of any Zero Trust architecture is Identity and Access Management (IAM). IAM ensures that only the right people, devices, and applications can access your systems, and it does so by verifying them continuously, not just once. In the past, a user would log in and, once inside, be trusted until they logged out. Zero Trust changes that by constantly checking if the user should still be granted access.

One critical element of IAM is multi-factor authentication (MFA). MFA requires users to verify their identity through more than one method, such as a password and a mobile app confirmation. Relying on passwords alone is risky, as passwords can be stolen, guessed, or reused across multiple accounts.

Zero Trust takes identity management a step further by ensuring that users only have access to what they need, nothing more. This limits the scope of potential damage in the event of a breach.

3. Microsegmentation: Controlling Access to Network Resources

Microsegmentation is another key principle in a Zero Trust environment. In simple terms, it means breaking your network into smaller, more secure segments. This way, even if an attacker gains access to one part of your network, they can’t easily move to another part. Each segment acts like a locked room that the attacker would need additional verification to enter.

This approach helps limit lateral movement, a common tactic used by cybercriminals once they’ve breached a network. By limiting what users and devices can access, you make it much harder for attackers to navigate and compromise other parts of your environment.

Microsegmentation also works hand-in-hand with the idea of least-privilege access. Users and systems should only be granted access to the resources they absolutely need to do their job and nothing more. By applying this concept, you reduce the chances of attackers gaining access to critical resources even if they breach a less important part of the network.

4. Monitoring and Logging Everything

In a Zero Trust architecture, monitoring and logging play a critical role. Continuous monitoring allows organizations to track every request, transaction, and action happening on the network. This ensures that nothing goes unnoticed, and any suspicious behavior can be caught and responded to quickly.

Logging is equally important. By keeping detailed logs of all network activity, security teams can trace the steps of an attacker and better understand how they gained access and what they did once inside. This information is invaluable for both preventing future attacks and improving your current security measures.

Advanced monitoring tools can also help by sending real-time alerts when something unusual happens. For example, if a user suddenly tries to access a part of the network they’ve never accessed before, a security team can be notified immediately and take action to verify whether it’s legitimate.
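The first-seen access alert described above, as an added example that is not from the original article: each user gets a learning window during which their normal segments are recorded, and any segment touched for the first time afterwards raises one alert. The log format, user names, segment names and the seven-day window are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access log: "<ISO timestamp> <user> <network segment>".
SAMPLE_LOG = """\
2024-09-02T09:01:12 alice hr-apps
2024-09-03T10:15:00 alice file-share
2024-09-03T11:00:00 bob build-servers
2024-09-05T14:30:45 alice hr-apps
this line is malformed and must be skipped
2024-09-10T08:59:03 bob build-servers
2024-09-12T02:13:37 alice domain-controllers
2024-09-12T02:14:02 alice domain-controllers
2024-09-12T09:00:00 bob file-share
"""


def parse_events(lines):
    """Yield (timestamp, user, segment) tuples, skipping unparseable lines."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2]


def first_seen_alerts(lines, learning=timedelta(days=7)):
    """Return (timestamp, user, segment) for each access to a segment the
    user had never touched before, once that user's learning window is over.

    Accesses inside the learning window build the baseline silently, so a
    brand-new account is not covered until its window has elapsed; pair this
    with onboarding-time access reviews to close that gap.
    """
    baseline = defaultdict(set)   # user -> segments seen so far
    first_event = {}              # user -> timestamp of first logged access
    alerts = []
    # Sort by time so out-of-order log delivery cannot hide a first access.
    for ts, user, segment in sorted(parse_events(lines)):
        started = first_event.setdefault(user, ts)
        if segment not in baseline[user]:
            if ts - started >= learning:
                alerts.append((ts.isoformat(), user, segment))
            # Add to the baseline either way so the alert fires only once.
            baseline[user].add(segment)
    return alerts


if __name__ == "__main__":
    for alert in first_seen_alerts(SAMPLE_LOG.splitlines()):
        print("verify with user or manager:", alert)
```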

5. Enforcing Least Privilege Access

“Least privilege” is a core principle of Zero Trust. This means that users and systems should only have the access they need to perform their tasks and nothing more. If a user needs temporary access to a resource, they should be given it for the time required and then have that access revoked.

By limiting the scope of access, even if an attacker gains control of an account, they can’t use it to access critical systems or sensitive data. Regularly reviewing access permissions is important to ensure that users aren’t sitting on permissions they no longer need.

Admins are especially important to monitor. Admin accounts often have access to sensitive data and system controls, making them prime targets for attackers. Ensuring that admin privileges are tightly controlled helps minimize the risks of a breach.

6. Protecting the Network Edge

In today’s remote work world, the network edge has expanded beyond the physical office. Employees are accessing company resources from home, cafes, and various other locations. With this in mind, Zero Trust needs to protect not just the internal network but also the devices and users accessing the network from the outside.

This means verifying users and devices every time they connect, no matter where they are. Whether it’s a cloud service, a remote worker, or an external partner, Zero Trust ensures that access is always verified, regardless of the location or device being used.

7. The Role of Automation in Zero Trust

Automation can play a significant role in enforcing a Zero Trust architecture by handling the heavy lifting of continuous verification. In a Zero Trust environment, every action, login attempt, and data access request requires validation. With hundreds or even thousands of users making requests every minute, managing these processes manually is not just inefficient—it’s practically impossible. This is where automation steps in to streamline the workload.

Automation tools can be programmed to enforce security policies consistently, ensuring that no exceptions or mistakes slip through the cracks. For instance, they can instantly revoke access for users exhibiting unusual behavior, preventing potential threats from escalating. Additionally, automated systems can monitor for known attack patterns, like credential stuffing or lateral movement, and block such actions before they cause damage.

Building a Zero Trust architecture may seem like a big task, but it’s one of the best ways to protect your organization in today’s threat landscape. By focusing on identity verification, limiting access, and constantly monitoring activity, you can secure your network without relying on outdated assumptions of trust.

As cyberattacks continue to evolve, so should your approach to security. Zero Trust offers a modern, proactive way to defend against attackers, making it an essential strategy for businesses looking to protect their data and systems effectively.

Grant assistance announced for businesses with Cybersecurity

Enterprise Ireland and the National Cyber Security Centre today launched the Cyber Security Review Grant which will assist SMEs to take steps to review and update their online security measures to mitigate the risk of cyber-attacks.

The grant will be administered by Enterprise Ireland, in collaboration with the National Cyber Security Centre.  It will provide Enterprise Ireland clients with access to cyber security experts who will conduct an initial independent review of the company’s cyber security status, identify vulnerabilities, and develop a clear roadmap for the business to enhance their security measures.

The Cyber Security Review Grant is being made available from €85 million in funds that have been allocated to the Department of Enterprise, Trade and Employment through the European Union’s NextGenerationEU funding instrument for supporting the digital transformation of enterprise as part of Ireland’s National Recovery and Resilience Plan. This funding is being channelled into:

•    The Digital Transition Fund for the establishment of a digital portal and to provide for direct to company supports.

•    Four European Digital Innovation Hubs with the aim of helping companies (notably SMEs) access research infrastructure, technical expertise and experimentation in order that these organisations can ‘test before invest’.

A suite of digital supports for enterprise is already available under the Digital Transition Fund through Enterprise Ireland, IDA and Údarás na Gaeltachta and the Cyber Security Review Grant launched today expands on the digital supports available from Enterprise Ireland to its clients under this Fund.

Businesses that avail of the Cyber Security Review will receive consultancy from a qualified, external cyber security expert who will investigate current company practices and review the technical implementation of both on-site and cloud software. A detailed report in line with the National Cyber Security Centre’s best practice will then be delivered, outlining actionable steps to improve the company’s cyber security position.

Speaking at the launch Minister of State for Trade Promotion, Digital and Company Regulation Dara Calleary TD said: “Irish businesses are increasingly using AI and advanced digital tools to achieve success in international markets. Ensuring the security of the data used in these tools is a crucial foundation for this success. This new cyber security grant will ensure that Irish businesses who embrace digitalisation to strengthen and grow their business can do so with total confidence in their online security.”

Minister of State for Business, Employment and Retail Emer Higgins TD said: “Irish businesses are leading the way and setting the standard for digital transformation across all sectors. They understand the value of enhancing their digital security. I am delighted that the Cyber Security Grant will provide support with the essential first steps towards achieving international best practices in cyber security, an increasingly important factor when competing for business on a global stage.”

Minister of State with responsibility for Public Procurement, eGovernment and Circular Economy Ossian Smyth TD said: “DECC’s Statement of Strategy, Le Chéile 25, sets an ambitious objective to realise a vibrant and expert cyber security industry in Ireland. The collaboration of the NCSC with Enterprise Ireland to deliver this first-of-its-kind grant scheme represents a key milestone in Le Chéile 25 and in the National Cyber Security Strategy 2019-2024.”

Anne Lanigan, Divisional Manager, Technology Services, Enterprise Ireland said: “Leveraging digital tools can significantly enhance your company’s capabilities. However, it is crucial to invest in protecting sensitive information and mitigating the risk of cyber-attacks. This is especially important as recent advancements in AI have made smaller businesses more attractive targets for malicious actors. The Cyber Security Review aims to help businesses examine any pitfalls which may leave their systems open and vulnerable to compromise and allows them to put the appropriate measures in place. As we enter into International Cyber Awareness month I would encourage EI clients to avail of the support to help them remain one step ahead in an increasingly heightened cyber threat environment.”

Speaking at the launch, the Director of the NCSC, Richard Browne noted: “I’m delighted that we were in a position to partner with Enterprise Ireland in designing the Cyber Security Review Grant. Not only will this enhance the cyber resilience of our Irish businesses, but it supports indigenous Irish enterprises to build up our industrial capacity in cybersecurity.”

The support is available to Enterprise Ireland clients with 80% of the fixed project cost covered to the value of €3,000, encompassing all project expenses, including consultant time and other related costs.

To learn more and apply online visit www.enterprise-ireland.com/cybersecurityreview.

‘The People Hacker’ Jenny Radcliffe to headline Dublin Cybersecurity Lunch and Learn

Renowned social engineer and ‘The People Hacker,’ Jenny Radcliffe, will be the keynote speaker at an upcoming Cybersecurity Lunch and Learn Event, hosted by Viatel Technology Group on October 4th, 2024.

With a background in burglary, con-artistry, and non-verbal communication, Radcliffe has spent her career ethically exploiting the ‘human element’ to help businesses and organisations identify and address security vulnerabilities. The upcoming event, designed for senior IT managers and C-suite executives concerned about their cyber responsibilities, will provide attendees with invaluable insights into the current Irish cyber threat landscape. 

With cyberattacks becoming increasingly sophisticated, understanding the tactics employed by malicious actors is crucial in safeguarding sensitive data and protecting businesses from financial and reputational damage.

Radcliffe’s unique insights and engaging presentations have made her a sought-after speaker at cybersecurity events around the globe, and she expressed her enthusiasm for the event, stating, “I’m excited to be heading to Dublin for Viatel’s Cybersecurity Lunch and Learn Event, and I am looking forward to sharing insights and driving important discussions in the cybersecurity community.”

The Cybersecurity Lunch and Learn Event will be held at the popular FIRE Restaurant, located at the Mansion House, Dublin, from 12pm on Friday, October 4th. Prior registration is absolutely essential with places limited. Senior IT managers and C-suite executives are encouraged to register early to secure their attendance. Registration is via www.viatel.com.

Data loss and ransomware attacks among top cloud cybersecurity risks

A new survey from leading Irish IT managed services provider Auxilion reveals that data loss/theft and ransomware/malware attacks were the cybersecurity concerns most cited by IT leaders when it comes to the cloud, at 30% each.

The research, carried out by Censuswide and involving IT decision-makers across large enterprises in the Republic of Ireland, found that 40% of respondents see IT security risks as a main concern associated with adopting and managing cloud computing.

A similar proportion (42%) said that the changing cybersecurity landscape was one of the biggest obstacles to the successful delivery of their IT strategy. Moreover, one in four (26%) IT leaders in Ireland do not think current laws and regulations are sufficient to protect privacy, access, and confidentiality in a cloud-based environment.

Adding to this, almost a quarter (24%) of IT decision-makers surveyed who are currently using the cloud do not think their own organisation has sufficient capabilities to manage cloud computing and more than a third of those respondents admitted to having little or no visibility of their workloads in the cloud (36%).

Despite this, some 83% consider cloud to be a more secure approach for their organisation. It appears that IT leaders are being proactive in this area with 83% also having a cloud security strategy in place and 73% currently using a technology partner to manage their cloud strategy and services.

The study also found that the shift to cloud is set to continue with nearly all respondents (96%) expecting to migrate more workloads, applications, and processes to the cloud over the next 12 months.

On October 9th, Auxilion, HPE and Zerto will be holding an event hosted by broadcaster Ivan Yates to discuss the increased need for robust data protection, cloud security, and business continuity capabilities.

Donal Sullivan, CTO, Auxilion, said: “While the cybersecurity landscape is constantly evolving, organisations are facing an even bigger uphill battle at the moment with the rise of threats enabled by Artificial Intelligence and the introduction of the European-wide NIS2 regulation in October.

“This means businesses not only need to be more proactive when it comes to securing their data and responding to incidents, they also need to ensure that they are meeting their compliance and regulatory obligations. This requires the right technologies and partners that can support security, mobility and scalability.

“The truth is that in this day and age, resilience and recovery are as important as detection and prevention when it comes to cybersecurity. Businesses which fail to recognise this and adapt their strategy could be at risk operationally, reputationally and financially.”

Chris Rogers, Senior Technology Evangelist, Zerto, said: “Rapid recovery from a cyber incident is more than a reactive measure – it’s a critical component of a resilient and forward-thinking business strategy. The ability to swiftly bounce back from disruptions not only minimises downtime but also safeguards reputation, customer trust, and bottom line.

“The real competitive edge lies in turning these challenges into opportunities for growth and innovation, and partnering with experts to unlock advanced cyber resilience capabilities can significantly accelerate an organization’s journey to cyber maturity.”

Almost a third of businesses in Ireland reserve budget for paying ransoms

Expleo, a global engineering, technology and consulting service provider, today announces research findings which show that 31% of businesses in Ireland reserve budget to pay ransoms in the event of successful cyber attacks. The survey also found that despite most organisations tackling multiple cyber-threats on an ongoing basis, only a small proportion expect to fall victim to a cyber-attack in the next 12 months.

In anticipation of the launch of its Business Transformation Index 2024, Expleo’s analysis surveyed medium- to large-sized businesses across the island of Ireland, uncovering the impact and prevalence of cybersecurity threats. It found that the payment of ransoms, and the expectation of paying them, is embedded in many organisations’ cybersecurity strategies. In the last 12 months alone, 33% of businesses have paid a ransom to cyber-criminals.

The research found that one-third of enterprises have been severely impacted by an incident within their organisation in the last 12 months, while 31% have been severely impacted by a cybersecurity incident in their supply chain.

Given the devastating impact that cyber-attacks have on business operations and customer trust, the research found that businesses are preparing for significant investments in cybersecurity in the next 12 months. Expleo’s research found that the average enterprise in Ireland will spend €1.18M on cybersecurity in the next 12 months with one in seven spending more than this. Signalling what this could be spent on for some, a sizeable proportion (27%) of organisations reported that their security technologies and processes are outdated. Meanwhile, a quarter of businesses admitted that they do not invest enough in cybersecurity.

Overall, the survey pointed to an acceptance among businesses in Ireland that they will fall victim to cyber attacks, with 29% saying they anticipate this in the next 12 months. However, this is far lower than the proportion of businesses who fell victim to cyberattacks in the last 12 months. Half of all businesses admitted that their defences were breached by a ransomware attack in the last 12 months, rising to 53% of businesses who fell victim to social engineering attacks. In fact, of the 89% of businesses who said they were targeted with social engineering attacks in the last 12 months, 60% reported that the attacks resulted in a security breach.

The majority of businesses have also been targets of voice-cloning, phishing, whaling (phishing attacks on senior figures in the organisation), malware and AI-powered attacks in the past year, with success rates of between 40% and 50% across all cyberattacks.

Rob McConnell, Global Solutions Director, Expleo Group, said: “Given the high success rates of known cyber-attack attempts, our research shows that if businesses have avoided falling victim to one type of attack, they have probably not been so fortunate with another. We have reached the point where it is not if you will be targeted, but when and how often. Every single business should expect to be targeted by sophisticated attacks on an ongoing basis. It is only with this level of pragmatism that they will be able to deploy the defences needed to combat or detect these advances.

“At the most basic level, enterprises must be confident that they are investing enough in cybersecurity and that their systems and processes are constantly being updated and reinforced. But that will only go so far in protecting them. Organisations must adopt zero-trust frameworks which mean even the CEO is not trusted by the network.

“This is the reality of doing business anywhere in the world today. Businesses that accept this can adopt a culture of openness that will remove some of the blame game associated with cybersecurity. In doing so, they will be able to work proactively towards a more robust organisation with the mindset and infrastructure needed to mitigate risk.”