Tag: breaches

Powering the next generation of Irish tech startups

From early-stage SaaS startups in Dublin to scaling fintechs in Cork and Galway, Ireland’s tech ecosystem is thriving. But as competition intensifies, efficiency and agility have become the new currency of growth. For young companies balancing innovation with tight budgets, business cloud storage is now essential. It provides the secure, scalable foundation that keeps data protected, teams connected, and operations running smoothly as startups evolve.

Smarter cloud infrastructure for smarter businesses

Traditional IT setups require heavy upfront investment in servers, software, and maintenance. Business cloud storage removes that burden entirely. Instead of purchasing physical hardware, startups can store, share and back up data online, and pay only for what they use. This approach frees up capital to reinvest in product development, customer acquisition or talent, rather than tying up funds in infrastructure that may quickly become obsolete.

Flexibility and security that scales with ambition

Startups rarely grow in a straight line. Demand can spike overnight after a funding announcement or major partnership. Business cloud storage systems are built for that unpredictability. With scalable storage plans and integrated security, Irish startups can expand capacity instantly without worrying about server upgrades or downtime. This flexibility makes it easier to experiment, pivot, and grow sustainably.

As the number of data breaches continues to rise across Ireland, maintaining data integrity has become a strategic necessity for all companies. Reputable business cloud storage platforms use end-to-end encryption, access controls and regular backups to protect sensitive files from loss or unauthorised access. This level of security not only safeguards company assets but also reinforces trust with clients, partners and investors.

Collaboration without borders

Many Irish startups operate remotely or across hybrid teams. Cloud-based file sharing ensures that everyone—from founders to freelancers—can access up-to-date project files anywhere, anytime. It eliminates version control issues and supports real-time collaboration, even across time zones. 

For small teams trying to move fast, that can be the difference between closing a deal and missing a window of opportunity. Beyond day-to-day communication, it also streamlines client management, onboarding and project delivery and allows teams to share proposals, feedback and updates securely in one place. This seamless connectivity helps startups maintain momentum and consistency as they grow.

Business cloud storage: The bottom line

Business cloud storage is a cost-saving tool and an operational growth enabler. It gives startups the infrastructure of an enterprise at a fraction of the price, letting them focus on what matters most — innovation, execution and scaling.

Majority of Irish business leaders believe artificial intelligence could pose a risk to their business

Nine in ten Irish businesses (90%) are concerned about the risks artificial intelligence (AI) poses to their business. This compares to six in ten (63%) UK businesses, suggesting that Irish businesses are more worried about AI than their UK counterparts.

Research from insurance broker and risk management company Gallagher in Ireland has revealed that almost nine in ten (89%) Irish businesses are concerned about the increased threat of privacy violations and data breaches which AI could bring, with a similar number (88%) worried about the potential for AI to produce misleading or incorrect information.

Gallagher commissioned a survey of 300 business decision makers across the UK & Ireland, 100 of which are based in Ireland. The survey examined the level of concern about AI amongst Irish businesses and what those concerns related to.

Top six AI risks identified by Irish businesses:

  1. Increased threat of privacy violations and data breaches (89% of Irish businesses said they are concerned about this)
  2. Errors and the potential for AI to produce misleading or incorrect information (88%)
  3. Algorithm bias and discrimination (84%)
  4. Liability or legal accountability in the misuse of AI (83%)
  5. Greater vulnerability to cyberattacks and fraud (82%)
  6. The lack of skills within their organisation to leverage AI (82%).

Commenting on the survey findings, Laura Vickers, Managing Director of Commercial Lines in Gallagher said:

“AI is a rapidly evolving technology that has advanced at a quick pace. While there are many benefits to using the technology, including its ability to streamline processes and offer an enhanced customer experience, our research shows that its fast-growing capabilities and increasingly widespread use have raised concerns amongst businesses.

“Many entrepreneurs and managers have spent years, even decades, building up their firms into successful businesses, therefore it is essential that they proactively address any potential risks.”

 Gender, age and geographic divides

 Other highlights to emerge from the Gallagher research include:

  • 100% of business decision makers in legal, manufacturing, marketing and public relations, utility, business services and professional services firms said they were concerned about the risks AI posed to their business.
  • Concern about AI risks was also high amongst healthcare businesses (96% of business decision makers in this sector said they were concerned about the risks AI posed to their business), financial services firms (94%), construction (89%), hospitality and leisure (88%) and retail (87%).
  • The firms displaying lower levels of concern about AI risks were IT and computing businesses, where only half (50%) of respondents expressed concerns about the technology.
  • Businesses in Dublin (94%), Ulster (94%) and Connacht (89%) are most inclined to be concerned about the risks which AI could pose to their firm while Munster (80%) and Leinster (81%) firms were least concerned.

Ms Vickers added: “It is interesting that our survey found that IT businesses were amongst the least concerned about AI. Perhaps this suggests that those working in IT are more familiar with and better able to understand and manage AI. If Irish businesses learned more about this technology, it may help them to overcome their fear around it – and it may also empower them to make the most of the new technology, while also avoiding the risks and dangers it might bring.”

HP Wolf Security Uncovers Evidence of Attackers Using AI to Generate Malware

HP has issued its latest Threat Insights Report revealing how attackers are using generative AI to help write malicious code. HP’s threat research team found a large and refined ChromeLoader campaign spread through malvertising that leads to professional-looking rogue PDF tools, and identified cybercriminals embedding malicious code in SVG images.

The report provides an analysis of real-world cyberattacks, helping organisations to keep up with the latest techniques cybercriminals are using to evade detection and breach PCs in the fast-changing cybercrime landscape.  Based on data from millions of endpoints running HP Wolf Security, notable campaigns identified by HP threat researchers include:

  • Generative AI assisting malware development in the wild: Cybercriminals are already using GenAI to create convincing phishing lures but to date there has been limited evidence of threat actors using GenAI tools to write code. The team identified a campaign using VBScript and JavaScript believed to have been written with the help of GenAI. The structure of the scripts, comments explaining each line of code, and the choice of native language function names and variables are strong indications that the threat actor used GenAI to create the malware. The attack infects users with the freely available AsyncRAT malware, an easy-to-obtain infostealer which can record victim’s screens and keystrokes. The activity shows how GenAI is lowering the bar for cybercriminals to infect endpoints.
  • Slick malvertising campaigns leading to rogue-but-functional PDF tools: ChromeLoader campaigns are becoming bigger and increasingly polished, relying on malvertising around popular search keywords to direct victims to well-designed websites offering functional tools like PDF readers and converters. These working applications hide malicious code in a MSI file, while valid code-signing certificates bypass Windows security policies and user warnings, increasing the chance of infection. Installing these fake applications allows attackers to take over the victim’s browsers and redirect searches to attacker-controlled sites.
  • This logo is a no-go – hiding malware in Scalable Vector Graphics (SVG) images: Some cybercriminals are bucking the trend by shifting from HTML files to vector images for smuggling malware. Vector images, widely used in graphic design, commonly use the XML-based SVG format. As SVGs open automatically in browsers, any embedded JavaScript code is executed as the image is viewed. While victims think they’re viewing an image, they are interacting with a complex file format that leads to multiple types of infostealer malware being installed.

Val Gabriel, Managing Director of HP Ireland, comments: 

There has long been speculation about AI being used by attackers, but evidence has been scarce, so this finding is significant. Typically, attackers tend to obscure their intentions to avoid revealing their methods, so this behaviour indicates an AI assistant was used to help write their code. It’s cases like this that showcases threat actors are constantly updating their methods. Instances like this one further lower the barrier to entry for threat actors, allowing novices without coding skills to write scripts, develop infection chains, and launch more damaging attacks. So, businesses must build resilience, closing off as many common attack routes as possible and adopt a defence in depth strategy to mitigate any risks.”

By isolating threats that have evaded detection tools on PCs – but still allowing malware to detonate safely – HP Wolf Security has specific insight into the latest techniques used by cybercriminals. To date, HP Wolf Security customers have clicked on over 40 billion email attachments, web pages, and downloaded files with no reported breaches.

The report, which examines data from calendar Q2 2024, details how cybercriminals continue to diversify attack methods to bypass security policies and detection tools, such as:

  • At least 12% of email threats identified by HP Sure Click bypassed one or more email gateway scanners, the same as the previous quarter.
  • The top threat vectors were email attachments (61%), downloads from browsers (18%) and other infection vectors, such as removable storage – like USB thumb drives and file shares (21%).
  • Archives were the most popular malware delivery type (39%), 26% of which were ZIP files.

HP Wolf Security[i] runs risky tasks in isolated, hardware-enforced virtual machines running on the endpoint to protect users, without impacting their productivity. It also captures detailed traces of attempted infections. HP’s application isolation technology mitigates threats that can slip past other security tools and provides unique insights into intrusion techniques and threat actor behaviour.

The Cyber Security Breaches Survey Identifies 39% Of UK Businesses Previously Experienced Cyber Attacks

In the corporate world, where remote workforces and cloud technologies have become the new norm, cyber security has taken centre stage. Recent statistics underscore the growing need for resilient cyber security measures as cyber threats continue to proliferate. 

The Alarming Reality: Cyber Threats on the Rise

The Cyber Security Breaches Survey, a comprehensive report on the state of cyber security in the UK, has unveiled a sobering truth. In 2022, an eye-opening 39% of surveyed businesses in the United Kingdom fell prey to cyber incidents. These attacks, characterised by their sophistication and the difficulty of preventing them, have fundamentally altered the way we perceive cyber security.

Once perceived as a possibility, cyber threats are now considered an inevitability. This shift in mindset has driven an increased demand for disaster recovery solutions that are both comprehensive and capable of rapid response and recovery. The reality is clear: businesses must take proactive measures to fortify their defences in the face of an ever-expanding digital threat landscape.

Outsourcing Proves To Be A Strategic Shift for Large UK Businesses

Among the notable trends stemming from the evolving threat landscape is the growing trend of large UK businesses choosing to outsource their cyber security operations. A staggering 60% of these enterprises have opted for this strategic move, reaping substantial benefits in the process.

The decision to outsource is motivated by several key factors, each of which underscores the wisdom behind this strategic choice:

Access to Specialised Expertise: Cyber threats have grown in complexity and scope, making it challenging for in-house teams to keep pace with the evolving threat landscape. Outsourcing security operations grants access to expert partners who specialise in staying one step ahead of cyber adversaries.

Abundant Resources: Cyber security is resource-intensive, from advanced tools and technology to personnel. By outsourcing, businesses gain access to a wealth of resources that might otherwise be cost-prohibitive.

Stringent Security Standards: Compliance with stringent security standards is imperative, especially for large enterprises. Expert cyber security partners are well-versed in these standards, ensuring businesses meet and exceed regulatory requirements.

By entrusting their cyber security to external partners, large UK businesses are freed from the burden of maintaining in-house cyber security teams, allowing them to focus on their core operations. This strategic shift is not merely a cost-saving measure; it is a proactive step toward enhanced cyber resilience.

The Way Forward: A Comprehensive Approach to Cyber Resilience

In light of the rising threat landscape, businesses must adopt a holistic approach to cyber resilience. This approach encompasses various elements, each essential for safeguarding business operations in an increasingly digital world.

Continuous Data Protection, or CDP, has emerged as a cornerstone of modern cyber security. CDP captures and tracks data changes, automatically saving every version of data as it evolves. This technology enables businesses to recover data at any given point in time, even mere seconds before an outage occurs. In an era of relentless cyber threats, CDP is an indispensable safety net.

Disaster Recovery as a Service (DRaaS) simplifies the complexities of disaster recovery by entrusting them to external partners. These partners provide fully managed services, offering expertise from implementation to recovery. In the face of an impending disaster, DRaaS ensures swift response and recovery, allowing businesses to resume operations with minimal downtime.

Peter Moorhead, Cyber Security CTO at Telefónica Tech, underscores the importance of adopting Disaster Recovery as a Service (DRaaS) solution; “DRaaS not only empowers businesses to tackle modern cybersecurity threats with continuous data protection but also provides the expertise, resources, and standards required to navigate the complex cybersecurity landscape. As cyber attacks become more sophisticated, organisations must invest in resilient disaster recovery strategies to safeguard their operations and maintain business continuity.”

With cloud computing becoming integral to business operations, it is imperative to develop strategies that ensure data security and recovery in the cloud. As businesses transition from legacy infrastructure to the cloud, disaster recovery requirements evolve. Having a trusted partner by your side who comprehends these changes is essential, regardless of whether you are in the early stages of transition or fully immersed in the cloud.

Sustainability is a crucial consideration in all areas of business, including disaster recovery. As businesses seek to minimise their environmental impact. DRaaS can mitigate the ecological footprint. By managing all backups and servers, DRaaS reduces the environmental impact associated with purchasing, maintaining, and upgrading legacy infrastructure. Additionally, the flexibility to add or remove services as needed optimises resource usage and minimises waste.

The Round-Up

The statistics from the Cyber Security Breaches Survey serve as a stark reminder of the urgent need for robust security measures. Embracing continuous data protection, disaster recovery as a service, and sustainable practices not only fortifies a business’s resilience but also contributes to a more responsible and secure future. As companies navigate the dynamic landscape of business in the digital age, one thing is certain: cyber threats are a reality, and it’s up to all businesses to fortify their defences and protect their digital assets.

How Sports Apps Are Protecting Your Data And Safeguarding Against Security Breaches

With the new year comes the start of a new season for many of your favorite sports. Also new this year was the launching of many online Sportsbooks in a few states. Coincidentally, with the state of Massachusetts set to launch online sports betting next month, BetMGM Massachusetts will have all the best sign-up bonuses for those looking to try their luck when Ireland’s own Conor McGregor steps back into the octagon for the UFC later this year.

As such, it’s now much easier to bet on your favorite players and teams. However, for those experienced bettors who may be used to placing their physical bets at a casino or retail sports betting site, there may be a legitimate concern for the security of their personal data. The challenge now is to assure potential users that they can trust that their information is secure. 

Setting up an online account usually requires some transferring of information, at least enough to advance past its age restrictions. Alternatively, if an individual who wished to wager a sizable amount of cash were to do so at a casino, such information would not necessarily be compulsory. Also, many geo-tracking devices will prevent bettors from placing wagers outside their place of residence or registration. 

Prior to the legalization of sports betting, in many states, it has been stipulated that sensitive information should be encrypted by all applications that store personal data. This in turn helped to institute a foundation for mobile regulations relating to sports betting. 

 

One of the legislations stated by many of the sports betting apps is that a user’s account must only be funded through an electronic, bank-to-bank transfer only if the operator has appropriate internal controls to guard against payment frauds or breaches. Payments like these (ACH transfers) have to be processed through the Automated Clearing House.

In addition, even stricter measures have been put in place to shelter customers. As many casinos and sportsbook sites accept credit card transactions and save deposits for patrons, they are also expected to meet Payment Card Industry (PCI) compliance standards. This is an incentive so companies are encouraged to create a secure environment for credit card transactions. 

Online gaming businesses, as well as sportsbook operators, must comply with the Bank Secrecy Act and the other requirements outlined by the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). Under federal law, all casinos must file a Currency Transaction Report on single or multiple transactions (minimum of $10,000) by any individual on a single day. 

Usually, when a customer places a bet, the supplier may only receive a reference number to identify that particular transaction and basic information such as the user’s location. The remaining personal information is gathered by the sportsbook in order to build its customer database. A few sportsbooks also provide security to guard against user liabilities. For example, MGM guarantees its customers cannot lose more than $50 if they fall victim to any unauthorized monetary transfers or upon proof of identity fraud. The claims must be made within two days of the occurrence. 

All licensed sports apps are required by law to utilize the most updated encryption techniques. Most use Secure Socket Layer (SSL) to encrypt server-to-server communication. Sports apps are not exempt from this legislation, and as such, they may use SSL encryption and sometimes even offer password security in an attempt to further secure your information. 

However, although most sportsbooks around the globe use SSL encryption certificates to prevent breaches in transaction data, mobile sportsbook applications may not always offer this same feature. Hence, users need to remain aware of the APIs (Application Programming Interfaces) on their mobile platforms, as any app utilizing this feature can restrict the possibility of a breach during information transfers. Any application lacking this authorization may be susceptible to a data breach. 

Any sports app can be the target of a cyberattack, and as a result, these security issues can affect not only the established sports industry but the online sports industry as well. Users must also be vigilant in remaining aware of security measures and the steps to be taken if a data breach is suspected. The process of creating an account, performing a cash transaction, placing a bet, and cashing out should be as seamless and simple as possible. Anything otherwise may lead to possible scams or hacks. 

One of the top priorities of online sportsbook apps is to ensure that their users’ information is kept private because the reputation of the business depends on it. Users can remain confident that their information remains secure as long as the sport application has taken the necessary steps to guard against breaches in data. 

Worst Business Data Breaches of 2021

Data breaches have a huge impact on organizations. All it takes is one tiny mistake to suffer a major security issue. That’s why it’s no secret that a data breach can destroy any company. Such cybersecurity incidents that lead to data breaches put the whole company’s network in danger. Entities need to use special security measures to avoid these serious consequences,

If a business experiences a data breach, it usually takes a toll on the company’s reputation, as the clients want to use other companies’ services where they feel safe. Unfortunately, you can say that everyone’s at risk. That said, keep reading to find out about the biggest and most notorious data breaches from last year. 

How do fraudsters breach data? 

As years go by, the main security gap that results in data breaches remains human error. Even though users aren’t directly associated with the breaches sometimes, they play the leading role in the success of cyberattacks. Usually, criminals gain access to data through insider leaks. For instance, a trusted employee with many privileges can still commit cyber theft. 

Another popular example is when cyber criminals break into lost or stolen devices. They can also exploit personal data by accessing drives or even physical folders. Typically, this happens due to hardware vulnerabilities, especially if companies use old software. In this scenario, criminals can inject malware and steal sensitive information. 

The impact of data breaches

If a business lacks security measures and has its data stolen, the chances are that the incident will impact the company’s sales. Reputational damage is a real deal, leading to the loss of clients and, eventually, a decrease in sales revenue. On top of that, the media picks up negative news and spreads it around the internet without the possibility of scraping it. Of course, such factors might scare off some potential new partners or customers. 

Not only new clients but also new employees are affected by data breaches. Specialists argue that data breaches can result in employee turnover, which adds more uncertainty and stress to the organization’s table. Let’s not forget that there are also legal penalties for non-compliance with the laws and security standards. In other words, the mitigation process is much more complex than the prevention procedures that ensure safety against data breaches. 

Now that we’ve wrapped up the basics, let’s continue with a short list of the worst data breach cases of 2021. 

Microsoft data breach 

Microsoft’s servers were attacked back in January of last year when some of the servers were affected. Hackers gained access to users’ credentials; this way, making their way through to other information systems that were connected to Microsoft’s network. To repair the damages, Microsoft released updates and updated its file encryptions. 

Facebook data breach

Facebook made the news last year for the wrong reasons when the personal data of over 533 million users was posted on a low-level hacking forum. Many important details were stolen, such as the users’ full names, emails, phone numbers, or location data. Fraud prevention specialists speculated that this data breach could be used as a channel to commit further crimes, for instance, impersonating people.

LinkedIn data breach 

The government launched an investigation on LinkedIn when hackers stole and shared the data of 700 million users. Even though LinkedIn tried to deny the damages in its statement, the evidence proved otherwise. The stolen personal details were uploaded to one of the forums on the Dark Web. The bad actor behind the data breach divided the stolen information into different parts, filtering the credentials by profession: IT specialists, Finance executives, and HR professionals. 

How to resolve the issue? 

There are essential security practices that companies must follow in order to safeguard their data. For example, using encryption, regularly updating software, and training your staff are the fundamental rules of an effective security strategy. Despite that, guaranteeing long-term data protection requires extra security layers. Nowadays, innovative companies choose to implement ID verification as a fraud prevention measure against dangerous attacks.

This service is powered by artificial intelligence, enabling smooth and secure customer identity verification services for businesses that want to onboard trusted accounts to their network. That means scammers and hackers with stolen identities are restricted from gaining access to the businesses’ services. Automatic ID verification detects photo or video spoofing, montage, and other graphic manipulations, leaving fraudsters out of the picture.