Tag: #cybersecurity

Only a third of CIOs cite cyber-risk mitigation as a performance measure

While 94% of CIOs acknowledge some form of serious threat over the next 12 months, only 27% list business continuity and resilience as a top-three priority during the next 12 months and barely a third cite risk mitigation as a measure of performance. These findings come from the 2021 Global CIO Survey from Logicalis, a global provider of IT solutions.  

 The study which surveyed 1,000 CIOs from around the world, finds that nearly half of respondents (47%) see data breaches as the biggest risk to their organisation (an increase of 6% from last year). Following data breaches, CIOs state malware and ransomware (39%) as other key areas of concern. 

 The perceived risk of a data breach is likely to have risen due to the increase in borderless workforces as employees continue to work from home or adopt hybrid working practices. When they occur, data breaches can lead to a range of issues from loss of business-critical data and stalled business growth, and in the most serious cases – the complete shutdown of a business. 

 Less than a third of CIOs (30%) cite lack of staff awareness as a security issue, down from 50% last year. This perceived improvement in staff awareness is due in part to an emphasised investment in additional training and technology measures to mitigate security risks. In fact, over 50% of CIOs state their organisations invested in employee security training this year, likely to help prevent data breaches originating from employee activity.  

 Other areas of investment include:  

·         Security technology – 66%  

·         Business continuity planning – 40%  

·         Third-party support through expert MSPs– 35% 

 

However, CIOs still feel their organisations have a long way to go in investing in comprehensive security measures. Despite the rapidly increasing cybersecurity risks, more than half of businesses (55%) have yet to adopt a cyber-attack recovery plan.  

 Mark Benson, CTO of Logicalis UKI, said:The pandemic led to a rapid shift to remote business frameworks and forced many organisations to set up temporary network security solutions in reaction to the larger cyber threat surface. One key element of the hybrid working structure is making sure everything stays secure—a task that is challenging in a decentralised workspace. Many measures have been implemented, but more action is needed to secure remote workers and increase business resilience. Failure to prepare is preparing to fail. Adopting a holistic cybersecurity plan ensures businesses are prepared for cyber-attacks and can quickly recover and resume critically affected systems and technologies. With a comprehensive plan, created with advice from a trusted partner, companies can rest assured, knowing they’re protected.” 

 For more information, and to explore additional key findings from the 2021 Logicalis Global CIO Survey, visit here. 

Remote workers suffer ‘digital anxiety’ over cyber security fears.

Working from home has spiked since the onset of the Covid-19 pandemic in March of 2020. This effort to reduce health risks may have limited the spread of the virus, but according to a new analysis by cyber security provider F-Secure, it may also have helped increase digital anxiety for those working remotely.

In a recent survey, 67% of internet users who work from home reported they increasingly worry about their online security and privacy even if nothing is wrong, compared to 58% of other users.

Senior Lecturer in Cyberpsychology at Nottingham Trent University Dr. Lee Hadlington, who’s research interests include employees’ adherence to workplace cyber security practices, said it makes sense that people’s sudden shift to telecommuting increased their anxieties about online threats.

“It is not surprising that individuals have started to worry more about cyber security, particularly when working from home. Many individuals were thrust into the ‘new normal’ of home working with very little preparation, training, or equipment. Let’s not forget, for most individuals in a workplace environment, cyber security is generally a second thought, and is usually something that is seen as the responsibility of someone else in the company. This, coupled with the fact that many home workers have less than perfect home working environments (e.g. desks in busy parts of the house, limited/poor internet connection, limited working knowledge of internet-based technology), means that these cyber security fears could be symptomatic of a combination of factors,” he said.

While worries about online security and privacy were prevalent among all survey respondents, remote workers reported elevated concerns about a myriad of issues, including:

  • 65% of those who work from home said the internet is becoming a more dangerous place, compared to 54% of other respondents.

  • 63% of remote workers said concerns about data privacy have changed how they use the internet, compared to 48% of other respondents.

  • 71% of remote workers said they worry that new internet connected devices—such as wearables and connected home appliances—could lead to a violation of their privacy, compared to 64% of non-remote workers.

  • 70% of remote workers felt increasingly uncomfortable connecting to public WiFi due to security risks compared to 63% of other respondents.

“Working from home could also have meant that individuals may have had more time to focus on other aspects of their working life and spent more time engaging in self-reflection and aspects of self-improvement; this could have included a re-assessment of cyber risks in their daily lives. The pandemic also meant people were isolated, with many turned to the one thing they did have access to – the Internet. Of course, spending more time engaged in one activity could lead to an increase in perceptions of risk, particularly when people are being subjected to negative news stories about cyber security related issues,” Dr. Hadlington explained.

According to F-Secure Security Consultant Tom Gaffney, managing security while working remotely takes technical security measures that protect data and devices, but also steps to keep people’s personal and professional lives separate.

“Steps everyone can take to secure themselves and their privacy when they work from home include updating their devices and software, ensuring their personal devices have security software installed, and some other basic infosec measures,” said Gaffney. “But keeping your personal and professional online activities separate from one another may be as important as any of these tips. Restricting what sort of things you do on each device and during which times can be an essential way to ease digital anxiety.”

To find out more about how reduce digital anxiety when working from home, check out https://blog.f-secure.com/digital-anxiety/.

2022 IT budgets to increase for 70% of Irish organisations

Logicalis Ireland, the IT Solutions and Managed Services provider, today reveals the findings of a survey which found that IT budgets for the coming year will increase for 70% of Irish organisations to account for better security, back-up and disaster recovery solutions.

The research – conducted by TechCentral and commissioned by Logicalis Ireland in association with IBM – involved more than 100 IT decision-makers in Ireland and found that during the pandemic, exposure to cyberthreats increased for more than three quarters of organisations (76%).

It also revealed that more than a quarter (28%) of Irish organisations experienced a cyberattack last year. Of those which were attacked, 40% were targeted by malware and 34% were targeted by phishing.

Furthermore, 29% of these organisations took about a week to recover from same. Some 27% took about a month, while recovery is ongoing for 24%.

On a more positive note, 88% of those surveyed said high-profile incidents had made company management more aware of threats to their organisation. Moreover, 70% of IT decision-makers were satisfied with their security policies and 75% agreed their backup and disaster recovery tools were fit for purpose.

In terms of response, over half (57%) strongly agreed it was a waste of time to negotiate with hackers. A similar number (59%) strongly disagreed that IT departments should keep a bitcoin fund for dealing with ransomware attacks.

As for the most popular measures for protecting data, multi-cloud solutions (66%) came out top. Single cloud solutions (31%) and off-premise physical backup (22%) finished off the top three measures.

Patrick Jordan, Chief Revenue Officer for Logicalis UK & Ireland, commented: “It has been a time of unprecedented change for Irish businesses. As workforces and operations became remote, the threat landscape shifted and arguably expanded with more locations to cover, more devices to protect and more risks to combat.

“This led to an intensification of the focus – and pressure – on technology solutions and IT support within organisations. This will only continue as we settle into the new way of hybrid working and invest in the tools to not only support but secure this. Businesses need to embrace this fully if they want to successfully architect change, safeguard operations, empower people and drive growth.”

Nathan Cullen, Ecosystem Leader, IBM, added: “It’s not just about identifying risks and protecting systems, companies need to have the means to respond effectively and quickly in the case of an attack or breach. They need to have the tools that enable prevention but also backup and recovery. Only then can they be cyber resilient and maintain business continuity. If the pandemic has taught us anything, it is to be prepared for the worst-case scenario and always be ready to adapt.”

#CyberSecMonth 2021 – Four common mistakes people make online that could put their money at risk #ThinkB4UClick

A recent study by Uswitch found that Brits are spending a whopping 384 minutes (6.4 hours) using the internet every day, yet even those who are ‘tech savvy’ are unaware of the extent to which their browsing and social media activity is tracked. Not only is this intrusive, extensive cross-platform tracking also makes it easier for cyber criminals to access personal information.

While most people are aware that there are risks associated with browsing the web, many are unaware of how their data is used, and of the severity of those associated risks.

Tom Gaffney, Security Consultant at F-Secure flags four common mistakes that even tech savvy people are making online, and provides top tips on how they can keep themselves safe.

Mistake 1: Using one browser for everything.

Tip: Most people use only one browser, whether that’s Chrome, Firefox or Safari etc, for all their online activity. However, Tom recommends using at least two – one for work and online banking and one for personal use – as not only will this be beneficial to privacy and security, but it will also give you separation in what you’re browsing and what you’re doing.

“Using separate browsers for casual browsing vs. ‘serious stuff’ like accessing online banking hugely minimises the risk of hackers getting to those sensitive accounts,” says Tom, “I personally never use the same browser to read news articles and browse social media as I would for online banking; casual browsing is generally how vulnerability issues arise — we click links that pique our interest without a second thought and hackers know this. Having a dedicated ‘serious’ browser enables you to shift your mindset into protection mode, you’re less likely to make risky decisions which could compromise your accounts when using your “serious-stuff browser”.”    

Mistake 2: Ignoring important security settings

Tip: Despite spending more time with their apps and web-browser, most of us are unaware of the security and privacy settings. We should all spend just a few minutes to check and configure security settings within our browser to enable safer internet surfing. Regardless of which browser you use (Internet Explorer, Safari, Chrome or Firefox), each gives you options to disable cookies and block security risks such as malware that can sneak in through infected pop-ups, plug-ins and extensions, compromising your privacy.

Default browser settings leave your data exposed so at a minimum Tom advises you should:

  • Disable pop-ups and redirections as cyber criminals could use these to spread malicious software.
  • Don’t allow automatic downloads as these could contain malware and viruses. Ask to be prompted before downloading anything.
  • Set your browser to ask permission before accessing your location, camera and microphone.
  • Turn on “Send a do not track request” to help prevent websites from tracking you
  • Think carefully before allowing browsers to save passwords as although it’s convenient it creates a security risk. Laptops and mobiles can fall into the wrong hands, it doesn’t take much for a hacker to find the stored password information.

Mistake 3: Not clearing cookies in your browser  

Tip: Cookie banners pop-up every time we visit a website and most of us will click ‘accept’ without thinking. Cookies are small files that websites send to your device that the sites then use to monitor you and remember certain information about you i.e. what’s in your shopping cart, or your login information. Basically, cookies track you as you browse.

There are several reasons why Tom recommends deleting cookies such as:

  • Over time you could accumulate a lot of cookies which will slow your browser down
  • Cookies store your personal information and enable websites to track and follow you around the web, developing a profile of your online habits. In doing so they build a mosaic which maps your interests, identity, age, location, religious beliefs and even sexual identity. While this is used for providing you with targeted ads, this data is sold between organizations and has a more insidious target of knowing everything about you.

“Most browsers make it straightforward to view and delete cookies,” says Tom, “simply go to browser settings and look for the privacy or security section. It’s also worth noting that all browsers have a setting which allows you to browse the web anonymously, which you should have on by default. This will ensure that less of your personal information is shared with data brokers.”

Mistake 4: Not using a VPN

Tip: Even the most secure browser with the most advanced settings can’t always keep your browsing activities safe or private which is why you should consider a VPN such as F-Secure FREEDOME.

“VPNs offer you complete privacy for your activities online,” says Tom, “no one will be able to track you or see what you are doing, not even your Internet Service Provider. They can block harmful websites and hacking attempts, encrypt data to protect your real IP address and online traffic and protect you even when you’re using public Wi-Fi.”

 

Last word: Overall, it’s important that you exercise common sense when using the internet. Many organizations have made the web a simpler place to surf and shop with one-click purchasing. Sometimes we actually need to slow down, especially when shopping, banking or paying bills to allow our minds to engage critically.  At the very least, make sure you update your browser regularly as using old software can provide a way for hackers to break into networks. Updates will address any security issues and help your browser run better.

Smarttech247 and Armis announce strategic partnership to offer full visibility and real time detection for OT/ICS and IoT Assets

Partnership allows mutual clients to have total visibility of their digital assets and enhanced cybersecurity for the very first time 

Smarttech247, the multi award-winning MDR cybersecurity organisation and Armis, the leading unified asset visibility and security platform provider announced today that they have formed a strategic partnership to offer their global customers the opportunity to increase asset visibility, security and threat detection across their entire ecosystems. With IT and IoT increasingly converging on OT environments, it’s not enough anymore to simply identify OT devices – this approach will not give these organisations the full picture needed to combat modern cybersecurity threats.

The strategic partnership with Armis enables Smarttech247 to seamlessly enhance their current offering to deliver 100% visibility across all assets and device types. Customers can subsequently identify risks and gaps with a simple integration that will allow them to not only focus on their managed devices but also their new unidentified environment of unmanaged OT/ICS and IoT devices.

“This partnership will give our customers greater visibility and a bird’s eye view over the whole organisation. Armis will build on our cybersecurity asset management, risk management, and automated enforcement to all assets within our clients’ environments,” explained Raluca Saceanu, COO at Smarttech247.

The partnership will provide increased value to clients looking for consolidation of monitoring and security analysis for IoT/ICS/OT environments. Smarttech247 will add the Armis security platform to its cybersecurity offerings to bring customers real-time detection tactics and techniques and allow them to benefit from Armis’ unique ability to see all assets across a client’s ecosystem.

“Smarttech247 enabled the seamless integration of the Armis platform into our security platforms. This integration significantly increased our asset visibility and security analysis across our OT/ICS environment. It also allows us to monitor not only our managed devices but also our new, unidentified environment of unmanaged OT/ICS, loT devices,” said Luis Cunha, Head of Security Engineering and Operations at Aptiv.

“Strategically this partnership will benefit our shared customers and prospects, allowing a wider user community access to our collective award-winning abilities. One of the biggest risks firms are facing today is from unseen, unmanaged and legacy connected devices that many organisations have little and incomplete visibility of, let alone the know-how to manage them.  Having complete, real-time visibility of all devices coupled with Smarttech247 will benefit our customers by giving them all the information they need to make better risk-related decisions,” said Jamie Andrews, EMEA Partner Director at Armis.

In the recent Mitre Engenuity Att&ck Evaluations Armis provided 100% visibility of all IT, IoT & OT/ICS assets with real-time detection of all initial access and lateral movement. In addition, Armis also achieved 100% coverage of all known ICS threat tactics.

The Top 5 Threats to Cyber Security

Regardless of whether you love, hate, or have mixed feelings about technology; you cannot doubt its impact on your daily life. The current digital world continues to expand as more people, businesses, and companies adopt remote working. However, as digital activity surges, the criminal desire to take advantage of modern technologies also increases, evidenced by advanced cyber security threats and a rise in digital crime.

In recent years, several major companies have fallen victim to various cybercrimes, ranging from phishing attacks to data breaches. Below are the five major common cyber threats to watch out for.

  1. Phishing Attacks

Phishing attacks are the most common and damaging cyber security threat facing small businesses. These attacks account for an estimated 90% of data breaches facing organizations and cost businesses up to $12 billion in losses. A phishing attack occurs when cyber criminals pretend to be trusted contacts and entice users to click malicious links or download malicious files that give them access to your computer or sensitive information.

Current phishing attacks are more sophisticated, as attackers devise new convincing ways of pretending to be your real business contacts. Phishing attacks are very damaging since they are difficult to combat. Unlike other threats that leverage technological weaknesses, these attacks target humans in a business through social engineering.

However, businesses can take some measures to mitigate these attacks. Using a reliable email security gateway, installing post-delivery protection, and training your employees on identifying phishing emails can reduce the risks of falling prey to phishing emails.

    2. Malware Attacks

Malware threats are the second serious cyber security threat facing both small and large businesses. Malware attacks include various cyber threats, such as viruses and Trojans, used by hackers to gain access to business networks, destroy or steal sensitive data. Malware attacks often stem from malicious downloads, connecting to insecure devices or networks, and spam emails.

Malware attacks have significant damaging effects on small businesses since they can cripple computers and other devices that require expensive repairs and replacements. Hackers also access sensitive customer data, putting your company at risk for legal issues. Fortunately, businesses can mitigate malware threats by installing strong and reliable technological defenses, such as Endpoint Protection, which protects devices from malicious downloads.

Taking advantage of the correct threat intelligence tools allows businesses to stay ahead of emerging threats, providing real-time insights into potential risks. These tools help identify vulnerabilities, enabling businesses to act quickly and prevent attacks before they cause major disruptions

     3. Ransomware

Ransomware is another common cyber threat affecting thousands of businesses every year. Unfortunately, they have grown to become one of the most lucrative executable attacks. Ransomware attacks have some similarities with malware attacks. With these threats, cybercriminals encrypt company data and demand a ransom or give conditions that should be met for the data to be unlocked.

Like other cyber security threats, small businesses are specifically targeted due to their average cyber security framework. Hackers also target small businesses because most of them haven’t backed up their data. So to say, 71% of Ransomware attacks in 2018 were directed to small businesses with ransom demands averaging at $116,000.

That said, businesses should adopt strong cyber security measures, such as Endpoint Protection, to mitigate these attacks. You should also back up company data in the cloud to avoid data loss.

    4. Insider Threats

Insider threats are a serious yet mostly overlooked cyber security threat by most companies. A Verizon analysis found that insider threats accounted for 25% of cyber threats in 2017. As the name suggests, these are risks caused by the actions of your employees, bitter former employees, or your business associates. Since these persons can access company information, greed or malice can steer them into causing disastrous actions.

These threats are a significant problem that can put your employees and customers at risk. It can also expose your company to hefty financial damage. While this cannot be prevented, you can reduce insider threats by developing a strong company culture within your business. You should also increase cyber security awareness since some insider threats are caused by employee ignorance or carelessness.

    5. Cloud Jacking

Cloud computing is a fast-rising trend that most companies have adopted for collaboration, communication, and storage. Unfortunately, while the cloud is deemed safe, this is not always the case. Cloud jacking occurs when cybercriminals infiltrate your cloud computing system. Once they access your business cloud, hackers can reconfigure your cloud code, eavesdrop on company communications, and conduct other damaging actions.

Most cybercriminals use information gained from cloud jacking to run other cyber threats, specifically phishing schemes. With the information gained from eavesdropping, they can create fake memos or instructions that appear to have been approved by the management, tricking employees into clicking or downloading malicious files. To stay safe, businesses should look into staying CMMC compliant, as the goal of your CMMC SSP is to provide a readable overview of your security requirements and the controls you have in place to meet those requirements to anyone looking into your cybersecurity posture.

Conclusion

While these five cyber threats aren’t everything that businesses face, they are arguably the most threatening. As cybercriminals increasingly become smarter and strategic, businesses should advance their cyber security measures. You should ensure that your organization has updated cyber security measures to protect your network and sensitive company data from vulnerabilities.

New Cybersecurity Report from HP Reveals 91% of IT Teams Feel Pressure to Compromise Security

HP Inc. today released its HP Wolf Security Rebellions & Rejections report, a comprehensive global study highlighting the tension between IT teams and employees working from home (WFH) that security leaders must resolve in order to secure the future of work.

The findings show that IT teams have been forced into compromising security for business continuity at a time of rising threats. Making matters worse, their attempts to increase or update security measures for remote workers have often been rejected. This is particularly true for the future workforce of 18-24-year-olds – digital natives who feel increasingly frustrated with security getting in the way of deadlines, leading many to circumvent controls.

The new HP Wolf Security report combines data from a global YouGov online survey of 8,443 office workers who shifted to WFH during the pandemic and a global survey of 1,100 IT Decision Makers, conducted by Toluna. Key findings include:

  • 76% of IT teams admit security took a backseat to business continuity during the pandemic, while 91% felt pressure to compromise security for business continuity.
  • Almost half (48%) of younger office workers (18-24 years old) surveyed viewed security tools as a hindrance, leading to nearly a third (31%) trying to bypass corporate security policies to get their work done
  • 48% of office workers surveyed agreed that seemingly essential security measures result in a lot of wasted time – this rises to 64% among those ages 18-24.
  • Over half (54%) of 18–24-year-olds were more worried about meeting deadlines than exposing their organization to a data breach; 39% were unsure what their security policies say, or are unaware if their company even has them – suggesting a growing level of apathy among younger workers
  • As a result, 83% of IT teams believe the increase in home workers has created a “ticking time bomb” for a corporate network breach.

“The fact that workers are actively circumventing security should be a worry for any CISO – this is how breaches can be born,” comments Ian Pratt, Global Head of Security for Personal Systems, HP Inc. “If security is too cumbersome and weighs people down, then people will find a way around it. Instead, security should fit as much as possible into existing working patterns and flows, with technology that is unobtrusive, secure-by-design and user-intuitive. Ultimately, we need to make it as easy to work securely as it is to work insecurely, and we can do this by building security into systems from the ground up.”

The report highlights that many security teams have made efforts to curb user behaviour to keep data safe. 91% have updated security policies to account for the rise in working from home, while 78% have restricted access to websites and applications. However, these controls often create friction for users, who resent the controls and push back on IT, leaving security teams feeling dejected and rejected:

  • 37% of office workers surveyed said security policies and technologies are often too restrictive.
  • 80% of IT teams experienced push back from users who do not like controls being put on them at home; 67% of IT teams said they experience complaints about this weekly.
  • 83% of IT teams said trying to set and enforce corporate policies around cybersecurity is impossible now the lines between personal and professional lives are so blurred.
  • 80% of IT teams said IT security was becoming a “thankless task” because nobody listens to them.
  • 69% of IT teams said they are made to feel like the “bad guys” for imposing restrictions.

“CISOs are dealing with increasing volume, velocity and severity of attacks,” comments Joanna Burkey, Chief Information Security Officer (CISO), HP Inc. “Their teams are having to work around the clock to keep the business safe, while facilitating mass digital transformation with reduced visibility. Cybersecurity teams should no longer be burdened with the weight of securing the business solely on their shoulders, cybersecurity is an end-to-end discipline in which everyone needs to engage.”

Burkey continues: “To create a more collaborative security culture, we must engage and educate employees on the growing cybersecurity risks, while IT teams need to better understand how security impacts workflows and productivity. From here, security needs to be re-evaluated based on the needs of both the business and the hybrid worker.”

HP is helping organizations to secure the hybrid workplace by delivering transparent and unobtrusive endpoint security. With HP Wolf Security organizations benefit from robust, built-in protection from the silicon to the cloud, and BIOS to browser. It enables Cybersecurity teams to deliver user-friendly tools and help to ease restrictions, while also providing defence-in-depth and enhanced protection, privacy, and threat intelligence, gathering data at the endpoint to help protect the business at large

400 new jobs for Kilkenny as State Street selects Ireland for its new global cybersecurity and technology unit

State Street Corporation, one of the world’s leading providers of financial services to institutional investors, is to establish a new specialist 400-strong team in Ireland to provide technology infrastructure and cyber security services to support group operations globally.  State Street celebrates 25 years in Ireland and 20 years in Kilkenny this year and currently employs approximately 2,000 staff in Ireland across Dublin, Drogheda, Naas and Kilkenny.

Ireland has been selected in large part due to the availability of relevant and skilled technology talent – existing and emerging – from universities and third level institutions, as well as the need to have a location outside the US for time zone support purposes.

The new unit will be located at IDA Ireland Business and Technology Park in Kilkenny where State Street already employs approximately 600 staff and where the firm is in the process of developing a new state-of-the-art office. Reflective of new ways of working post COVID and of staff preferences for flexibility and remote working, the new office will accommodate above average occupancy levels enabling it to draw on a broad staff pool along the east coast and midlands.

The new unit will employ up to 400 high value, experienced and graduate level roles, across: programming, Cybersecurity Operations Analysts, Cybersecurity Instrumentation Engineers, Data Scientists, Cybersecurity Architects (Network, Identify Access Management and BlockChain), Cybersecurity Forensics/Investigations, Pen Testers and Governance as well as Risk and Compliance experts.  The new roles will be filled on a phased basis over the next 2 years.

Commenting, Tadhg Young, State Street’s head of Ireland, said:

“We are very pleased that Ireland and Kilkenny will benefit from this very substantial investment and the addition of high value, sustainable jobs. Today’s jobs announcement, alongside plans for our new state-of-the-art office development in Kilkenny, marks a further strengthening of our presence and commitment to the region for years to come.

 “Ireland’s tech ecosystem and financial services credentials alongside Kilkenny’s central location and access to talent from third level institutions in Dublin, Carlow, Waterford and beyond were all compelling factors in our location decision. I wish to thank the IDA for their continuing support of State Street, and I strongly encourage anyone seeking a new career opportunity in a great location and with great prospects for professional development to check out our new roles.”

 Welcoming the news, Leo Varadkar, Tánaiste and Minister for Enterprise, Trade and Employment said: “This is a fantastic boost for Kilkenny. State Street, which already employs 600 in its Loughboy office and approximately 2,000 across the country has chosen to locate a new cybersecurity and technology unit in the county, creating up to 400 new jobs over the next 2 years.  Ireland’s highly skilled and experienced workforce continues to attract the very best investment across the country. This announcement is further evidence of the phenomenal work the IDA is doing to attract and retain FDI in Ireland – the new unit will be based in the IDA’s Kilkenny Business Park. I wish all involved every success.”

Minister of State with special responsibility for Financial Services, Credit Unions and Insurance Seán Fleming said: “I am delighted to welcome this transformational investment from State Street and would like to thank all of the executives involved in Kilkenny, the wider Irish operations and their colleagues in the US. The investment is an endorsement and a commitment to Ireland and the State Street team in Kilkenny. It demonstrates the vital role that regional operations can play in creating value for global firms.  Both I and the team behind the Ireland for Finance Strategy wish State Street every success as they build out the team in the region.”

Martin Shanahan, CEO, IDA Ireland said: “This significant announcement by State Street demonstrates not only the company’s continued commitment to Ireland but also the attractiveness of the South East Region’s value proposition. The new cybersecurity and tech roles announced for State Street’s new facility in Kilkenny will help shape the future of our economy and will support the company’s global operations.  I wish State Street every success with this expansion.”

In Ireland, State Street is the largest provider of fund administration and custody services with $1.7tn in assets serviced across all asset classes. The Irish group also manages $317bn within its investment management division SSGA.

Today’s announcement coincides with the first anniversary of State Street’s support for the Rethink Ireland €1.5 million Ability to Work Fund which, in conjunction with the Department of Social Protection & the Department of Rural and Community Development, is helping develop the talents and skills of those living with a disability.

Lack of investment in cyber security leaves many Irish businesses feeling exposed

EY Ireland is launching findings from their Global Information Security Survey 2021 which includes Ireland

More than half of Irish cyber security teams (52%) fear they are exposed to a major breach which could be avoided if their businesses invested more in their cyber defences, according to the EY Ireland Global Information Security Survey 2021.

Cyberattacks are increasing in frequency and impact with 90% of Irish businesses saying they have seen a rise in disruptive attacks in the last 12 months compared to 72% globally.

Irish respondents feel more exposed than their global peers due to a shortfall in funding. Globally, 36% of respondents say they are more exposed to a major breach than they would be if their businesses had committed sufficient resources to their cybersecurity defences. In Ireland, the figure was 52%, with 44% stating that their budgets were too low to handle the new challenges which have emerged over the last 12 months.

 

Carol Murphy, EY Ireland Consulting Partner and Head of Technology Risk, commented:

“Cyber attacks are becoming more frequent, more damaging, longer lasting and harder to anticipate. Irish businesses overall express confidence in their ability to manage evolving threats. The majority (60%) say they are confident in understanding and anticipating new strategies used by bad actors, which is encouraging.

Where improvement can be made is by creating heightened awareness of these threats at board and executive level. There is a tendency for cyber security to get lost on the priority list and this can leave the entire business exposed. With the regulatory burden rapidly increasing, however, boards are beginning to wake up to the threat posed and to the level of resourcing required, and not before time”.

 

Barriers to Communication

Only 30% of Irish respondents feel that their executive management fully understands the value and needs of the cyber security teams compared to 42% globally.

The survey suggests relationships between the cyber teams and senior leadership within their organisations are underdeveloped. More than two-thirds (68%) of respondents say that their teams are sometimes consulted too late or even not at all when their organisations make strategic decisions.

 

Carol Murphy concluded:

“The GISS survey highlights a number of gaps between Irish businesses and their international counterparts. These are partly due to budgetary constraints but also stem from a lack of internal communication and a perceived disconnect between cyber security and executive teams.

Given the global public health emergency, it is understandable that allowances have been made in some cases to facilitate rapid implementation of working from home policies. As remote and hybrid working become part of normal working life, however, businesses need to address the resulting security gaps as a matter of urgency.”