The cyber arms race continues. The hydra-like nature of the cybercriminal community means that as soon as one form of threat has been neutralised, multiple new ones tend to spring up in its place. And those old threats can be revivified by the application of new technologies like generative artificial intelligence. It is little wonder in those circumstances that numerous global surveys of chief executives put cybersecurity at the top of the business risk rankings, in advance of tariffs and geopolitical tensions and conflicts.
“The cyber landscape has grown in step with the rapid expansion and rates of adoption in technology, infrastructure and the internet of things (IoT),” says Justin Moran, head of governance and security at Three Ireland.
“Such rapid expansion has provided a lucrative hunting ground for criminal hackers and fraudsters who are increasingly professional in their execution. Such individuals are highly capable of actively seeking out and exploiting vulnerability across all elements of technologies but also targeting supply chains and the end users who interact on a day-to-day basis.”
He also notes the increasing sophistication of the bad actors. “Criminal hackers, supported by advances in technology and artificial intelligence in the wrong hands, can now deploy more sophisticated stealthy attacks, which can evade even the most advanced cyber defence mechanisms.”
READ MORE
The combination of managing legacy systems, with old and known vulnerabilities, along with new technologies, with their own unique risks, makes for a very complex attack surface, according to Claire Wilson, cyber strategy and transformation director with Deloitte.
“To add to the complexity, organisations are increasingly connected and reliant on third-party vendors and partners,” she notes. “Each link in the supply chain is a potential entry point for a cyberattack. Organisations need to not only secure their own systems, but also ensure that their suppliers are securing theirs, adding yet another dimension to the cyberattack surface. Cyber criminals are quick to adapt, they exploit new vulnerabilities as soon as they emerge and will use new technologies, such as AI tools, to increase the speed and accuracy with which they can attack.”
The level of complexity has been increased by a shift in focus by criminals beyond IT environments to areas such as IoT and operational technology (OT). “The stakes are high as these are often less well protected and can contain highly sensitive data or be directly at the centre of your value chain,” explains PwC Ireland director of cyber, privacy and forensics, Stephen O’Keeffe. “A wide-scale breach of data from wearable medical devices or shutting down production at a plant are the types of risks in play. The complexity of supply chains continues to increase and cyber criminals often target a weaker third-party provider to gain access to a larger brand. It is now critical that organisations consider their attack surface as reaching beyond their own network and are ever vigilant in relation to cyber risks arising from their critical third parties.”
Moran recommends multilayered defence strategies. “Companies cannot solely rely on perimeter-based defences but need to focus on defence in-depth and zero trust principles. Each layer of defence makes it harder for an attacker to succeed. In practical terms, this may include a combination of firewalls, antivirus software, multi-factor authentication, encryption to protect key data, endpoint protections, limiting access and continuously monitoring for suspicious activities so that any potential attacks can be managed swiftly.”
Wilson agrees: “To protect against new cyber threats, organisations need a layered approach to cybersecurity,” she says. “Organisations need to adopt a ‘when, not if’ approach to building resilience so that when an attack occurs it can be quickly detected, its impact minimised and recovery swift and effective.”
Utilising an industry framework, such as NIST Cybersecurity Framework, provides a widely recognised structure for managing cyber risk, she adds. “This framework supports regulatory compliance and can be adapted to any size, sector or maturity level. To protect against evolving threats, the basics need to be in place, keeping systems patched and up to date, ensuring strong configurations are implemented, enforced access controls, and establishing robust threat detection and response capabilities. Implementing secure-by-design processes ensures that security is incorporated into new deployments and developments from the early planning stages.”
Cybersecurity cannot be treated in isolation, however. “With emerging tech developments, such as GenAI and agentic agents, significant business transformation is a must for many organisations to stay competitive,” O’Keeffe points out. “Concerns about security cannot be allowed to slow this transformation and executives must therefore focus on building security into the fabric of their organisations.”
There is help at hand for businesses struggling to get to grips with the cyber challenge. “Enterprise Ireland actively encourages client companies to strengthen their cybersecurity by offering targeted supports such as the Cyber Security Review Grant,” says Anna-Marie Turley, manager, fintech, financial services and cybersecurity with the agency. “This initiative helps businesses assess their current cybersecurity posture, identify vulnerabilities, and develop a tailored action plan. By subsidising expert consultancy and aligning with the National Cyber Security Centre’s framework, Enterprise Ireland empowers companies to build resilience, protect digital assets, and maintain trust with customers and partners in an increasingly digital economy.”
Enterprise Ireland is also supporting the development of Ireland’s native cybersecurity sector. “Whether it’s identity verification, preventing data breaches or ensuring compliance, Irish entrepreneurs are increasingly at the forefront of innovation in the global cybersecurity sector,” says Turley. “Enterprise Ireland is committed to supporting Irish-owned companies to start, compete, scale and connect, including companies in the cybersecurity sector, an industry that has experienced significant growth in recent years. Cybersecurity-focused companies generate around €2.7 billion in revenue annually and employ over 8,000 people nationwide, according to the CSO. As these companies engage with global industry leaders, they not only enhance their own capabilities but also contribute to the broader goal of making the digital world a safer place.”
