The future of cybersecurity will be linked with artificial intelligence (AI), and the speed of change will continue to accelerate says John Durcan, Enterprise Ireland’s senior technologist. Using this technology for “real-time detection” is the most effective way of preventing an imminent attack.
“Machine learning is becoming really core. This allows you to keep up with the hackers and head them off. We now see a lot of tools coming out of the machine-learning space, an AI, where it literally scans huge amounts of data on your network very quickly, something it’s not really possible for a person to do,” says Durcan.
Of course, the cyberattackers are also using AI, he acknowledges, and the technology is evolving equally rapidly for both parties.
“They’re keeping pace with the hackers, but it is a challenge.” Companies will often have to update their software every six months, or even every three months, he adds.
According to Sarah McNabb, Enterprise Ireland’s cybersecurity market adviser in the UK, secure biometrics and multi-factor authentication have become crucially important in recent years. With 58 per cent of all fraud in the UK now identity fraud, companies that offer these services, such as Daon, are in increasing demand, with businesses recognising “it’s the way forward”, she says.
Another emerging area is that of Zero Trust, which Durcan explains is where would-be users are given “just enough” access and breaches are assumed, meaning everything is encrypted end to end. Edge computing is also gaining in popularity, where only certain information is uploaded to the cloud and the rest kept locally. These approaches will fundamentally improve cybersecurity, he says.
Bottom line
The bottom line is that hackers are continuing to adapt and change, allowing them to evade detection and infiltrate a company’s network in spite of any protective measures in place. So what else can businesses do to ensure they are protected? According to Ciarán Morrissey, cyber development underwriter at Hiscox Ireland, doing the basics well will help businesses to mitigate and prevent attacks. However, resilience is also key, he says, noting that “no business will ever be completely secure”.
He says a specialist cyber insurance policy allows businesses to recover the financial loss following an attack, and also helps to mitigate reputational damage by providing access to a full suite of crisis communication experts, legal advisers and more.
“Cyber and data insurance protects organisations from the repercussions of failing to protect personal data, commercial information, interruptions to business due to being maliciously targeted by a third party, intellectual property infringement and defamation from content contained on a customer’s website, damage to a website or computer system caused by a hacker and cyber extortion.”
According to the Hiscox Cyber Readiness Report 2020, however, only 38 per cent of Irish firms are protected by specialist cyber insurance. Given that cyberattacks are a more likely threat to a company than fire or theft, Morrissey is surprised that this risk is not treated with the same caution.
Justin Moran, head of governance and security at Three Ireland, says the steady growth in the use of mobile and IoT devices means there is a significantly increased reliance upon technology. This means the number of potential points where a hacker can try to enter data to or extract data from an environment has shot up. Cyberprotection is something that everyone should be cognisant of – from individuals to global organisations, Moran warns.
“In general, large organisations tend to have bigger budgets and more formalised cybersecurity programmes, which means they tend to be better prepared when it comes to security measures,” he says. “That is not to say, however, they are immune to attack as highlighted by a number of recent cybersecurity attacks that successfully targeted high-profile social media and business targets.”
And while media commentary largely focuses on cyberattacks suffered by large organisations, the threat of cyberattack on small and medium-sized (SME) businesses is very real. Moran points out that a recent EU-based survey showed that over 60 per cent of all cyber-attacks or breaches were aimed at SMEs; “more worryingly 60 per cent of SMEs who were victims of cyber-attacks did not recover and shut down within six months”.
Unsecured devices
As more people use unsecured devices outside of a work environment, cyberprotection becomes more critical than ever, says Moran. “This is why security policies, communication and awareness training are so important, regardless of the size of the organisation, particularly on mobile devices, which may contain a combination of business and personal,” he says. “SMEs should be using security containers to segregate and protect the business and the personal.” Three Ireland is working with SMEs to deploy such solutions through its 3Mobile Protect solution. This product shields mobile devices from threats such as phishing and malware and also allows companies to filter out non-work apps and content such as social media, gambling and inappropriate websites, as well as set domestic and roaming usage caps.
According to McNabb, every 39 seconds a hack takes place. Meanwhile, three in 10 chief executives pinpoint cyber as the issue that has the biggest impact on their companies today.
These days, businesses are much more proactive when it comes to cyberprotection, says McNabb.
“It’s shifted from a reactive to a proactive industry because before companies were waiting for attacks to happen and then implementing the software. Now people are aware that, because all of their information is on the cloud, they need to have the proper cyber controls in place.”