Tag: cyber

Why Businesses Must Address the Growing Menace of Cyber Threats

In today’s interconnected world, the proliferation of digital technologies has brought tremendous opportunities for businesses to thrive. However, along with these advantages comes the dark underbelly of cyber threats, posing significant risks to organizations of all sizes and industries. Cybercrime has evolved into a highly lucrative industry, with hackers constantly devising new methods to breach defenses and exploit vulnerabilities. It is imperative for businesses to prioritize cybersecurity and implement robust measures to protect their sensitive data, systems, and customers. This article delves into the pressing need for businesses to address the growing menace of cyber threats, highlighting the potential consequences of inaction and providing insights into effective cybersecurity practices.

I. The Expanding Cyber Threat Landscape

In recent years, the cyber threat landscape has expanded exponentially, becoming more sophisticated and widespread. Cybercriminals employ a wide range of tactics, such as malware, phishing attacks, ransomware, and social engineering, to target businesses and individuals. These threats are not confined to specific industries or regions, making organizations across the globe vulnerable. Moreover, the COVID-19 pandemic has further exacerbated the situation, with cybercriminals exploiting the chaos and remote work environments to launch targeted attacks. It is crucial for businesses to acknowledge the gravity of the situation and proactively address these threats.

II. The High Cost of Cyber Attacks

The repercussions of a successful cyber attack can be devastating for businesses, resulting in significant financial losses, reputational damage, and legal liabilities. The Ponemon Institute’s 2021 Cost of a Data Breach Report revealed that the average total cost of a data breach is a staggering $4.24 million. This includes expenses related to incident response, investigation, customer notification, legal settlements, regulatory fines, and potential loss of business. Small and medium-sized enterprises (SMEs) are particularly vulnerable, as they often lack the resources and expertise to combat cyber threats effectively. A single cyber-attack has the potential to cripple an entire organization and lead to long-term consequences.

 

III. The Crucial Role of IT Providers

Amid the rising threats, businesses must recognize the crucial role that IT providers play in safeguarding their digital assets. IT providers offer specialized knowledge and expertise to help organizations fortify their cybersecurity defenses. These professionals possess a comprehensive understanding of the evolving threat landscape, enabling them to implement robust security measures tailored to a business’s specific needs. As seen at grapevinemsp.com, IT providers offer services like vulnerability assessments, network monitoring, intrusion detection, and incident response. By partnering with trusted IT providers, businesses can enhance their cybersecurity posture and stay ahead of potential threats.

IV. Strengthening the Human Element

While technology is essential in defending against cyber threats, it is equally important to address the human element. Employees often unknowingly become the weakest link in an organization’s cybersecurity defense. Phishing attacks, where hackers manipulate individuals into revealing sensitive information, remain one of the most common entry points for cybercriminals. Businesses must prioritize ongoing training and awareness programs to educate employees about potential threats and equip them with the necessary skills to identify and report suspicious activities. By fostering a culture of cybersecurity awareness, organizations can empower their workforce to actively contribute to their defense against cyber threats.

V. Compliance and Regulatory Requirements

In addition to financial and reputational damage, businesses failing to address cyber threats adequately also face legal and regulatory consequences. Governments worldwide have implemented stringent data protection laws and regulations to safeguard individuals’ personal information. Organizations that fail to comply with these requirements face severe penalties, including fines, sanctions, and legal liabilities. For instance, the European Union’s General Data Protection Regulation (GDPR) mandates strict security measures and imposes fines of up to €20 million or 4% of global annual turnover, whichever is higher, for non-compliance. By prioritizing cybersecurity, businesses can ensure compliance with regulatory frameworks and avoid severe penalties.

VI. Building a Comprehensive Cybersecurity Strategy

To effectively tackle cyber threats, businesses must adopt a holistic and proactive approach to cybersecurity. A comprehensive cybersecurity strategy encompasses several key elements, including risk assessments, incident response plans, encryption protocols, regular system updates, and employee training. Businesses should conduct regular vulnerability assessments to identify potential weaknesses in their systems and promptly address them. Incident response plans should be developed and regularly tested to ensure a swift and coordinated response in the event of a breach. Encryption protocols should be employed to safeguard sensitive data both in transit and at rest. By integrating these measures, businesses can build a robust cybersecurity framework.

As cyber threats continue to proliferate and evolve, businesses must take immediate action to protect their digital assets and customer information. The expanding threat landscape, coupled with the high cost of cyber attacks and regulatory requirements, necessitates a proactive approach to cybersecurity. By partnering with trusted IT providers, strengthening the human element, and building comprehensive cybersecurity strategies, businesses can fortify their defenses and mitigate the risks associated with cyber threats. Safeguarding against cybercrime is not a luxury but an imperative for businesses operating in the digital age. By prioritizing cybersecurity, organizations can instill trust, protect their reputation, and ensure a secure future in an increasingly interconnected world.

Less than half of business leaders think their company is adequately prepared to respond to a cyber breach

A survey from Irish IT service provider Auxilion has revealed that less than half (44%) of business leaders in Ireland think their organisation is adequately prepared to respond to a cyber breach.

The survey of 100 C-suite executives in larger companies or enterprises (more than 250 employees) across Ireland, carried out by Censuswide, also revealed that more than a third (36%) of businesses fell victim to a cyberattack in 2022 and 44% of business leaders think their company will fall victim to a cybersecurity breach this year.

Moreover, some 42% don’t believe they have enough skills within their organisation to guide it through a cyber-attack and a similar proportion (41%) don’t believe their cybersecurity budget is adequate to protect against all risks.

Furthermore, 34% of respondents don’t believe their leadership team or board is doing everything it can to safeguard the company’s digital assets and data. Despite these concerns, just 20% of business leaders expect to invest in cybersecurity solutions in 2023.

The research also revealed that only 36% of business leaders think their organisation upholds governance adequately and 43% have had to abandon a project due to poor governance. The average cost of failed IT projects during 2022 came in at €840,671.

However, a little over half (51%) undertake an annual self-assessment of performance relating to governance or compliance. To improve governance, 43% said outsourcing to a third party would improve their company’s governance, with 44% already using a managed services provider.

The top benefits of working with managed services providers were found to be 24/7 assistance (21%), increased project delivery (21%), cost savings (20%), plugging the skills gap (20%), and improved productivity (19%). Eighteen per cent said supporting compliance, while enhanced security was cited by 17% of respondents.

Commenting on these results, Philip Maguire, Auxilion CEO and founder, said: “The survey highlights the need for organisations to identify and implement IT strategies which directly support business goals and address concerns – some of which could prove, or are already proving, to be quite costly.

 “Not only are companies facing the possibility of cyber breaches due to inadequate safeguards, but failed IT projects are also impacting the bottom line. That’s not to mention the worries business leaders have around plugging the skills gap and achieving company objectives.

 Organisations really need to look at what digital solutions and services they can deploy today to overcome such obstacles and capitalise on potential opportunities. As well as rectifying the areas of poor governance and inadequate cybersecurity, these technologies can also boost efficiency, support productivity and drive growth.”

Garda cyber crime email scam returns

Last year there was a Garda scam doing the round which had people concerned and it has popped up again this time looking totally different than before. Again this pertains to cyber crime and sex related crimes and is poorly written as the last one was and cites laws brought in March 2007. Again this is just another scam to trick you into handing over money and most likely lots of it. Here is what it looks like below.

 

Advice once again given and you should take heed of it and never open suspicious emails or text message.

  • Don’t respond to any unsolicited email seeking personal, financial or security advice.
  • Never click on a link or attachment in an unsolicited email.
  • If you believe the email is from a genuine source, verify this independently. Independently means independent of the email sender.
  • Independently verify any requests for information and never use the contact details supplied to you by the caller or texter. Independent means independent of the caller or texter.

Further fraud prevention advice can be found here https://www.garda.ie/en/crime/fraud/

EY Launches Managed Cyber Security Services

EY Ireland today announced the launch of its Managed Cyber Security Service, specifically tailored to support Irish SMEs and other businesses globally to defend against cyber security threats and attacks by reducing the cost and expertise barriers preventing many organisations from addressing their urgent cyber security needs.

Cyber-attacks are becoming more sophisticated and frequent as the abundance of connected devices means it is becoming ever more challenging for businesses, particularly those of a smaller scale, to keep up with the constantly shifting cyber threat.

Puneet Kukreja, EY Ireland Consulting Partner and Head of Cyber Security said, “A common myth is that a fully integrated in-house cyber infrastructure or a fully managed outsourced security capability is the only option. This can be resource heavy particularly for SMEs, leaving many businesses on the starting blocks where their cyber security journey is concerned.”

Results from EY Ireland’s recent Tech Leaders and CFO Outlook surveys point at cost and resource barriers, plus assumptions regarding levels of complexity as the key factors causing a failure-to-launch where cyber-preparedness is concerned.

Technology leaders acknowledge cyber-attacks as a growing external threat, with one in three citing cybersecurity risks as a challenge, however, cyber defence for their own businesses does not feature on their list of strategic and investment priorities. Organisations that experience a cyber breach invest in defences while others often divert spend elsewhere. These survey results show that many businesses are leaving themselves open to attack in a fast-paced digital world, where reliable cyber security protection is now more important than ever.

EY Ireland’s new Managed Cyber Security Operations Centre (MSOC) – that includes specialist services across the full spectrum of cyber – can support businesses who have been slow to embark on their cyber preparedness journey often due to misconceptions around expected technical complexity, lack of in-house skills and difficulty estimating cyber investment requirements. With SMEs these barriers become even more pronounced as they can be vulnerable to smaller budgets and no specialised security function to provide adequate cyber protection.

“The reality is that it is significantly more cost effective to protect against threats, than to react after the incident. Treating cybersecurity as an expense rather than an investment is counter-productive, leaving businesses wide open to attack. Modern, cloud-based infrastructure and open AI means that a single stolen credential or compromised account can be used by bad actors to launch an attack,” added Kukreja.

Insights from recent EY CTO and CIO research chimes with EY client feedback that, opting for tailored, outsourced Managed Cybersecurity Services allows businesses to overcome barriers, close internal resource and technology gaps and keep costs down, to clear the path towards accelerated growth.

North West Region set to take advantage of growth opportunities in cybersecurity

Regional Skills North West and Cyber Ireland have partnered to commission a “Cyber Security Skills Audit Report” to examine the shape of the cybersecurity sector in the North West region of Ireland. The report outlines the region’s strengths to attract companies seeking new locations for cybersecurity services giving a positive outlook for the region, while also highlighting improvements needed for the future of the sector. With the right investment and supports in place, the report forecasts that the North West region could see growth in cybersecurity related jobs quadruple from 250 this year to 830 jobs by 2030.

The research reveals that the region has a number of core strengths that make it an attractive location for cybersecurity investment including a new university in the area, Atlantic Technological University, that now delivers specific IT and cyber security degree and post graduate programmes. The report identifies at least 10 organisations offering cybersecurity services within the region including large multinational operators, Tata Consultancy Services (TCS) via its Letterkenny Global Delivery Centre and Optum, the international healthcare services provider, who have stated ambitions to further recruit and grow their cyber security skills talent base locally.

Tim Kelley, Strategic Head of TCS Threat Management Centres in UK, Ireland & Europe said: “This study rightly identifies the urgent need to accelerate investment to satisfy the demand for security skills. Our TCS Cyber Security Practice is committed to grow and strengthen our Ireland Threat Management Centre to service our customers needs from our global delivery centre in Letterkenny.”

He added: “I wholly support the report’s recommendations to ensure Ireland based talent can deliver on the global opportunities in the cyber security sector.”  

Other strengths identified in the report that make the North West region an attractive location for cybersecurity investment include the lower cost base for both employers and employees, in terms of housing, commercial rents and labour costs, the quality of life in the region and the access provided to nearby tech collaborative clusters, including Donegal Digital, Northern Ireland Cyber and Cyber Ireland’s West Chapter.

Co-author of the ‘Cyber Security Skills Audit Report’, Hilary McPartland, manager of the North West Regional Skills Forum said: “This report has captured the opportunity for cybersecurity in the North West.  It finds a vibrant ecosystem with great potential to grow. It’s the first step in our journey to build this sector to be one of the leaders in our region. I look forward to helping develop the talent and skills needed to support this dynamic sector vital to our economy and future success.”

Cyber Ireland’s ‘State of the Cyber Security Sector in Ireland 2023’ report estimates that there are currently 7,350 cyber professionals in the Republic of Ireland of which approximately 3% of these are now based in the NW region.

This latest study puts forward a number of recommendations for improvement and expansion of the cyber security sector within the region that require investment and supports now in order to realise the potential opportunities. This includes the creation of a cybersecurity culture through cyber awareness training for SMEs, driving cyber security standards in the region and enhancing the overall cyber community through more events and networking opportunities.

Continuing to build a talent pipeline from within the region for cyber jobs will also be critical with resources needed to raise awareness of career pathways and job readiness programmes facilitating entry into the sector. Findings from the study indicated that only 30% of cyber roles in the North West are filled by people from within the region.

Regional Skills North West and Cyber Ireland are now calling on all stakeholders in the region to pull together to grasp this growth opportunity by promoting awareness of the North West’s burgeoning cybersecurity ecosystem, its attractiveness as a location and the important contribution it can make to the local economy and innovation in the region.

Paul Brady, Senior Director, Enterprise Information Security at Optum said: “As both a business stakeholder and chapter lead for Cyber Ireland, I am excited to see this report come to fruition.  The report offers clear and sensible direction to promote the growth of cybersecurity in the North West region and I welcome the recommendation that now is the time to invest in cyber talent to take advantage of the opportunities ahead of us.”

Dell Technologies Storage Software Innovations Bolster Cyber Resilience and Advance IT Efficiency

Dell Technologies (NYSE: DELL) advances software-driven innovation across its industry-leading storage portfolio, driving increased cyber resiliency, energy efficiency and automation to power customers’ multicloud journeys.

Dell’s commitment to software development has resulted in more than 2,000 storage portfolio advancements in the past twelve months across every category of the external storage industry. These advances are available at no additional cost to existing customers and are consumable through on-premises software or as-a-Service via Dell APEX.

As data continues to pile up, and skilled IT talent often difficult to find, companies are finding themselves in a position to do more with less,” said Jeff Boudreau, president and general manager, Infrastructure Solutions Group, Dell Technologies. “We’re helping customers rise to this challenge by enabling them to make the most of their IT investments with storage software innovation that is more energy efficient, boosts productivity and strengthens cyber resiliency.”

Built to meet the most stringent security requirements across any industry

PowerStore, Dell’s intelligent all-flash data storage array, is delivering increased security to help today’s leading businesses adopt a Zero Trust model — a security architecture that provides continuous verification of users and resources to ensure the authorization of only known entities and actions.

Through PowerStore’s new security software enhancements, Dell is helping customers accelerate Zero Trust adoption to better protect, prevent and respond to cyberattacks. New advancements include:

  • STIG-hardening – Security Technical Implementation Guides (STIGs) meet the most stringent configuration standards as defined by the U.S. federal government and the U.S. Department of Defense.  STIG hardening adds to PowerStore’s adherence with the NIST Cyber Security Framework standard, which is required for U.S. federal networks and other government entities worldwide.
  • Secure and immutable snapshots – Prevents unauthorized deleting or modifying of snapshots before their expiration date.
  • Streamlined file permissions – Allows storage administrators to manage access directly from PowerStore to respond quickly to security threats.
  • Increased file resiliency – Up to 4x more mounted snapshots per system, giving users more protection points for granular recovery if needed.
  • Multi-factor authentication – Protects administrative access to PowerStore by requiring increased verification of a user’s identity.

 Dell helps customers drive increased productivity while keeping costs down

New PowerStore software automation and multicloud advancements help customers make the most of their existing IT investments while keeping operational and energy costs down. These new PowerStore features include:

  • Dell PowerProtect native integration – Organizations now have increased simplicity and choice driving their multicloud data protection strategies with convenient backup to the cloud capability through PowerStore’s deeper integration into Dell’s physical and software-defined data protection solutions. Backups can be configured in less than two minutes, directly from the PowerStore user interface, allowing customers to easily take advantage of PowerProtect appliances with up to 65:1 data reduction, DD Boost technology and other capabilities. The solution can enable cost-effective cloud archiving, reducing on-premises capacity requirements which can help reduce power and cooling costs.

  • DevOps workflow enhancements – New integrations with Ansible and Terraform and new application mobility capabilities with Dell Container Storage Modules help PowerStore customers accelerate innovation with flexible storage automation. By supporting these open source solutions, PowerStore gives DevOps workers easy-to-use storage automation tools and the ability to build repeatable, automated processes across diverse environments to provision storage without low-level coding or help desk support.

PowerStore delivers up to 60% more IOPS (input/output operations per second) per watt, now available with ENERGY STAR certified configurations, providing dramatic increases in both density and performance per watt as the most energy efficient PowerStore system to date. With this advancement, Dell is addressing the increased need for energy efficiency and sustainability, one of the most important criteria for IT buying decisions according to a recent IDC survey.

“With Dell PowerStore’s compression technology, we reduced our old storage area network from as much as 20 systems, down to two—a 90% reduction in our footprint,” said Nathan Young, IT director, Maricopa County Recorder’s Office. “As a result, PowerStore has improved our energy efficiency while allowing us to innovate to meet changing demands from constituents and the increased expectations of our staff.”

Dell ramps up software-driven storage innovation

In addition to PowerStore, new software innovations address a wide range of advancements across the Dell Storage portfolio:

  • Dell PowerMax, the world’s most secure, mission-critical storage, strengthens cybersecurity by enabling an operational airgap to allow customers to expedite recovery of compromised production data following a cyberattack.
  • Dell PowerFlex, Dell’s software-defined infrastructure, speeds modernization with enhanced NVMe/TCP and security.​
  • Dell ObjectScale, Dell’s software-defined object-storage platform, introduces faster enterprise S3 object storage performance with a simpler deployment and support experience.
  • Dell CloudIQ, Dell’s AIOps software, extends its AI/ML-driven performance and capacity analytics and VMware integration to simplify and accelerate IT and DevOps.
  • Dell Unity XT, Dell’s flexible hybrid storage platform, increases Ansible support to enhance storage automation, helping customers lower costs, reduce errors and increase productivity.

Availability

  • Dell PowerStore and ObjectScale advancements will be globally available in June 2023.
  • Dell PowerMax, CloudIQ and Unity XT capabilities are globally available today.
  • Dell PowerFlex advancements will be globally available in the third quarter of 2023.

 

Building a Cyber-Resilient Organization: Strategic Cyber Security Training Tips

Modern businesses are constantly under threat of all kinds of cybercriminal activity. Our increased reliance on the Internet for day-to-day business operations exacerbates the situation further. Because of that, cyber threats, such as data breaches, ransomware attacks, and phishing scams, can devastate an organization’s reputation, financials, and operations.

One effective way to strengthen your organization’s cybersecurity posture is through strategic cyber security training for your employees. This article will explore cyber security training and provide six security training tips for your employees to help build a cyber-resilient organization.

What Is Cyber Security Training?

Cyber security training is an educational program where employees are taught the knowledge and skills necessary to deal with cyber threats, which includes identifying, preventing, and responding. Security training programs cover a wide range of topics, ranging from password risk management practices to email security and even social engineering awareness.

Cyber security training aims to enhance the first line of defense, which includes your employees. Employees are often the most likely target of a potential cyber attack. Therefore, cyber security training improves your organization’s overall cybersecurity by educating them on the industry’s best practices.

Considering the rate of cyber attacks and the fact one in five firms experience some form of data breach, there’s no better way to improve your organization’s cyber resilience than to educate them on the dangers of the cyber world.

6 Security Training Tips for Your Employees

To make your organization more cyber resilient, here are several security training tips to turn your employees into cyber security professionals:

Emphasize Using Strong Passwords

Weak passwords are commonly used by unaware employees. But did you know that they’re also a common gateway for all kinds of security risks? An important part of your cyber security training program must be to train your employees to create strong passwords. The new passwords must be at least 12 characters long and include both upper and lower-case letters, numbers, and special characters.

Encourage them to avoid using easily guessable information, such as birthdates or common words, to reduce the chances of cyber incidents.

Educate Employees on the Dangers of Phishing Attacks

Phishing attacks are social engineering attacks where hackers trick your employees into revealing sensitive information, such as usernames, passwords, or credit card details. So another important tip is to train your employees to be cautious when opening emails or clicking on links, especially from unknown sources.

Educate them on how to spot phishing attempts, such as identifying suspicious email addresses, spelling or grammar errors, and requests for personal information.

Encourage Keeping Software and Devices Updated

Cybercriminals will often look for common vulnerabilities in the software your organization uses. The software vendors know this, and they will look to reduce the rate of data breaches caused by security holes by implementing security patches. Therefore, you must emphasize and encourage your employees to regularly update their software, including operating systems, web browsers, and applications, to ensure they have the latest security patches.

Additionally, encourage them to keep their personal devices up to date, such as their laptops and smartphones.

Implement the Use Of Two-Factor Authentication

2FA is a security measure that adds another layer of safety to user accounts by requiring an additional verification step, such as a fingerprint, facial recognition, or a one-time code sent to a mobile device.

Most software vendors have 2FA or MFA as a security measure, meaning your employees can already reduce the chances of cyber incidents. But you must make 2FA implementation an organization-wide policy. Train your employees to enable 2FA on all their accounts, especially those that contain sensitive information or have access to critical systems, to reduce the chance of a potential data breach.

Avoid Public Wi-Fi for Sensitive Activities

Public Wi-Fi networks are highly unsecured and often a risk to your organization’s cyber resiliency. The risks associated with using public Wi-Fi networks are well documented, as hackers can easily use them to transfer malicious data to connected devices.

Therefore, a large part of your security training program is to educate your employees on the dangers of using public Wi-Fi for sensitive activities, such as accessing company email or transferring confidential data. If they must use public Wi-Fi networks, encourage them to use a virtual private network (VPN).

Practice Safe Browsing Habits

Train your employees to practice safe browsing habits by avoiding clicking on suspicious links or downloading files from untrusted websites. Instead, encourage them only to visit reputable websites and to be cautious about pop-up ads or unexpected downloads.

Moreover, you must educate them on how to spot fake or phishing websites by encouraging them to look for the lock icon and the “https” in the URL, which is an indication of a secure website.

Conclusion

Cybersecurity experts recognize that employees are often the first line of defense. While organizations can turn to a host of solutions to enhance their overall cybersecurity measures, one way to prevent cyber incidents and future threats is to offer cyber security training to your employees.

That way, you’re educating your employees on the dangers of the cyber world. Moreover, you’re educating them on how to identify and deal with a potential cyber risk. Security training must be a part of your disaster recovery planning, as there’s no better way to deal with digital threats than to give your employees the necessary knowledge on how to stop them.

Cyber threats are becoming more personal, finds new annual F-Secured consumer threat guide

A new look at the cyber security landscape from F-Secure, a global leader in simplifying cyber security, finds that wherever consumers go, cyber criminals will follow. That means users of massive online platforms such as Netflix, Facebook, and Steam should be prepared to face scams and infostealers, criminals’ current favourite threat.

F-Secured, the complete guide to online security in 2023, cuts through the complexity of the cyber crime landscape to offer a look at what were the biggest threats in 2022 and what risks consumers face now. It also includes simple steps users can take to make their favourite digital activities and connected homes safer, along with predictions about the threats our devices and families will face next.

“Cyber criminals benefit from the fact that we spend so much of our lives online. And they know they can reach us on the online services that we use,” said Laura Kankaala, F‑Secure Threat Intelligence Lead. “Because ultimately what they want is our attention. They want to trick us into acting against our own interests to click on malicious links or download malware. So, they spam our email inboxes, tag us in comments on social media, or send us direct messages in gaming or dating apps.”

F-Secure’s Threat Intelligence found that the most imitated social media platform used to spread phishing threats in 2022 was Facebook, the most popular social network on earth, at 62%. Steam, the largest distribution platform for PC games, was the most popular gaming platform to spoof at 37%.

Criminals have also increasingly used Netflix, the most popular video streaming service in most countries, as a phishing lure. Often criminals play upon consumers’ dependence on the service for entertainment. A common scam notifies a user that the service will be cut off because a recent payment was denied and leads to criminals taking over the account.

“Cyber attacks in general have become very personal,” Kankaala said. “And little is more personal than the credentials that secure our intimate digital moments.”

Infostealers rank as the most common Windows threat, making up 69% of the 30 most common attacks, according to F-Secure’s monitoring of prevalent threats. One of the most popular examples of this threat is the RedLine Stealer thanks to its irresistible business model. This customizable malware-as-service allows criminals to suck credentials stored in users’ browsers. Criminals buy this threat and then package the stolen data in the same place–dark web marketplaces.

The report also investigates how criminals profit off scams and malware in the wild. It includes a detailed look at phishing attacks related to Ukraine, the popular “Hi Mum” smishing scams, and attacks that specifically target gamers. In addition, Kankaala offers insights into the unsettling ways internet users can be targeted online by the people they know in real life.

“In the end, we all need cyber security in our lives,” she said. “Because it’s not just about avoiding the criminal hackers, it’s about taking control of our lives online — it’s about being digitally independent.”

Key topics in the F-Secured guide include:

  • Malware and infostealers
    A comprehensive look at the threats consumers are most likely to face.
  • Security and the smart home
    A review of challenges faced by consumers, hardware manufacturers and communication service providers due to the swelling numbers of connected devices in the home.
  • Phishing for new victims
    A look at the emerging phishing trends for 2023 with a focus on the growing risks in gaming and social media.
  • Cyber security is getting personal
    An examination cyber security issues that arise from adding a digital dimension to interpersonal relationships.
  • Trends and predictions
    F-Secure researchers, analysts, and threat hunters reveal what they’re seeing on leading edge of cyber security.

Read the whole F-Secured consumer threat guide here and keep up with cyber security news as it breaks each month through F-Alert, F-Secure’s monthly threat report, here.

Survey Finds One in Five Firms in Ireland Experienced a Cyber Attack Last Year

Aon plc, a leading global professional services firm, today released figures that reveal that most senior business leaders in Ireland plan to increase investment in cyber security and resilience in the coming years amid the evolving cyber risks facing Irish firms.  

The survey of 228 senior business leaders from companies across Ireland reveals that 18 percent of Irish firms experienced a cyber-attack or data breach in 2022. Large companies with more than 250 employees are more at risk, with 21 percent of firms facing an attack last year compared to 9 percent of SMEs.

Companies have taken steps in the past year to strengthen their cyber resilience and preparedness, with 38 percent having enhanced their data recovery and back-up systems and 35 percent having provided cyber security training to employees. This represents a slight decrease from levels seen in 2021, when 40 percent of employees were provided with cyber security training.  

Given the ever-changing cyber landscape, over two thirds of Irish firms (67 percent) plan to invest more in cyber security and resilience in the coming years. Seventy-two percent of firms with more than 250 employees are due to increase their spending on cyber security measures.

The survey also points to the growing dominance of cyber threats on an organisation’s risk register. According to the findings, cyber is now the fourth biggest business risk facing Irish organisations today.

Karl Curran, Head of Aon’s Cyber Solutions Ireland and Nordics, said: “Our figures show that cyber resilience is very much front and centre of Irish business leaders’ concerns. As the fourth biggest risk facing Irish organisations today, and with one in five firms being disrupted by a cyber-attack last year, business leaders are acutely aware of the enormity of the risk that cyber-attacks present and the need to plan accordingly. However, far too often, successfully managing cyber risk only becomes a priority after a cyber incident has occurred. Despite the majority of Irish firms planning to invest more in cyber security and resilience in the coming years, more than a quarter of Irish business leaders don’t have any plans to invest more in cyber security and resilience in the near future.

“Amidst an increasingly complex business environment, business and IT leaders are under increasing pressure to make smart security investments. And the truth is there is no one straight line approach to cyber security. It is a continuous journey focused on building resilience.

“At Aon Ireland, we encourage leaders to review their cyber security posture and take a strategic approach to managing cyber risk that is informed by data. This begins by assessing the cyber risk landscape, identifying the ways in which your IT team can mitigate challenges, transferring risk out of the business and, when faced with a crisis, recovering with speed. By taking a data-driven, circular approach to cyber resilience, business and IT leaders can come together to make better decisions that protect the future of their organisation and its people.”

To help business leaders on this journey, Aon’s Cyber Loop is a model for sustained cyber resilience that recognises the growing concern around cyber threats and supports businesses on their journey of investment. Comprising four main stages – assess, mitigate, transfer and recover – the Cyber Loop supports business leaders to maximise return on cyber security investment and become an informed participant in managing risk.

The four main stages of Aon’s Cyber Loop are:

  1. Assess

A thorough assessment of an organisation’s cyber risks will ensure that they are better informed and in a better position to agree on an appropriate risk strategy.

  1. Mitigate

Bridge the gap between understanding the technical risk of an identified vulnerability and the related financial exposure to inform decisions that can enhance security maturity and maximise return on security investment.

  1. Transfer

Despite a rising tide in cyber governance, losses still emanate from human error, system failure or security failure. Aon’s experts help businesses to identify, quantify and transfer cyber risk into the insurance market.

  1. Recover

Aon’s team of experts are experienced in maximising possible recovery of costs and working towards a cashflow neutral position.

To learn more about Aon’s Cyber Loop, visit https://www.aon.com/cyber-solutions/thinking/the-cyber-loop-a-model-for-sustained-cyber-resilience/.