ISO27001 Event Guide Data Solutions survey find Irish businesses held at ransom
Vol 5 Issue 1 ISO27001 Event Guide Data Solutions survey find Irish businesses held at ransom Ward Solutions predicts €1.2m from ISO27001 Innovative designs for data centres storage
Driven By The Need For Information Security In Ireland

Data is one of the most valuable assets any business has today. Our dependence on information systems and services means organisations are more vulnerable to security threats than ever before. Keeping your data secure – whether it's customer, staff or supplier data – is critical in most businesses, but most especially those dealing with sensitive data. Data security is a hot topic in the media so ISO 27001 not only protects your business against hackers but also safeguards your reputation.

KEY BENEFITS TO YOUR BUSINESS
• Improves and maintains competitive edge.
• Win more business particularly where procurement specifications require higher IT security credentials.
• Compliance with legal, statutory, regulatory and contractual requirements.
• Provide assurance to stakeholders, such as clients and shareholders.
• Business continuity is assured through management of risk, security issues and concerns.

For further information please contact BoxMedia, 616 Edenderry Business Campus, Edenderry, Co Offaly
Tel: +353 (0) 46 977 3434
Website: www.iso27001ireland.com
ronan@boxmedia.ie
susan@boxmedia.ie
CONTENTS
Ward Solutions: Predicts €1.2M from ISO27001.
Atlantic Bridge: €140M fund for tech companies.
Deciphering: The puzzling future of data security.
Zinopy: Launches “inSlght”.
ISO 27001: Event Guide & Workshop.
AdaptiveMobile: 80% do not have adequate security measures in place.
VPN: Do you need one.
Electronic Payments: Say goodbye to the cheque book.
Data Solutions: New jobs and €5M investment.
Data Protection: 3 issues defining data protection in Ireland.

Managing Editor: Ronan McGlade
Sub Editor: Mark Collins
Business Development: Susan Doyle
Production: Helen King
Production/Operations: Paula Dempsey
Sales & Marketing: Alan Carolan
Sales & Marketing: Ciaran Hurley
IT Department: Thomas McCarthy

Business Solutions is published by BoxMedia and its Directors.
616 Edenderry Business Campus, Edenderry, Co Offaly
Tel: + 353 46 9773434
Email: ronan@boxmedia.ie
Website: www.businesssolutionshub.com

BoxMedia and its Directors can accept no responsibility for the accuracy of contributors’ articles or statements appearing in this magazine. Any views or opinions expressed are not necessarily those of BoxMedia and its Directors. No responsibility for loss or distress occasioned to any person acting or refraining from acting as a result of the material in this publication can be accepted by the authors, contributors, editor and publisher. A reader should access separate advice when acting on specific editorial in this publication!

BoxMedia is a Premier Business Media Ltd Company
Design, Origination and Separations by Fullpoint Design (057) 8680873
Printed by GPS Colour Graphics.
Half of Irish (47 per cent) find endless junk mail more annoying than their commute to work

New research reveals one in three consumers in Ireland and the UK will even move their custom elsewhere if this trend of irrelevant overcommunication persists

New research reveals the inundation of irrelevant communications and junk mail is pushing consumer loyalty in the UK and Ireland to breaking point, with the majority (84 per cent) ready to take action against brands.

The research, commissioned by global IT services company Ricoh and carried out by Coleman Parkes, examined the relationship between brand communications and customer loyalty.

Irrelevant communications, both online and paper-based, are a huge bug-bear for more than two-thirds of consumers in Ireland and the UK, who consider a quarter of what they receive to be junk. Nearly half (47 per cent) of consumers even see junk mail as more frustrating than their commute to work.

Beyond the mere frustration factor, consumers are suffering from being unable to sift through the flood of irrelevant information and poor quality comms. Nearly one in five (17 per cent) have missed a payment deadline, and 22 per cent have been unsure how much they owe for a service or even missed offers they were entitled to (33 per cent).

Brands need to beware that irrelevant communications are having a significantly detrimental impact on customer loyalty, trust and spend, and consumers are unafraid to bite back. Two-thirds (69 per cent) of consumers in Ireland and the UK report feeling less loyal to a brand spamming with irrelevant information, whilst a similar number would also spend less (68 per cent) and even go so far as to stop being a customer completely (57 per cent). Nearly a third (32 per cent) of consumers have moved their custom elsewhere, another fifth (22 per cent) have complained to a service provider, and over one in ten (14 per cent) have taken their complaint to an authoritative body.

Chas Moloney, director, Ricoh Ireland & UK, said: “Irish consumers are clearly saying ‘enough is enough’ when it comes to the irrelevance and high volume of communication sent out by brands and service providers. In the digital age, it has never been more convenient to instantly communicate with customers, but it is equally just as easy to spam.

“Brands need to find that crucial middle ground - communicating regularly and effectively without alienating customers. In today’s competitive landscape, businesses must do more to listen to their customers and provide a tailored, quality standard of communication - whether paper-based or digital, to ensure consumer loyalty.”

A majority of consumers in Ireland and the UK (65 per cent) believe more could be done to tailor communications to their individual circumstances. Three quarters (76 per cent) would even be willing to share personal data to make this happen, including occupation, salary, Internet browsing habits and health records.

Consumers also increasingly view digital communications as their preferred method to receive information from brands and service providers: for new offers and upgrades (71 per cent), statements and bills (66 per cent) and updates to terms and conditions (64 per cent).

Moloney continued: “Consumers want to feel like a brand knows them and is creating the most tailored and bespoke communication to cater for their needs and interests. This should not be taken as an excuse to ‘spam’ though. Using consumer data correctly is imperative here. No matter whether they have a preference for digital communications – such as online bank statements – or a mix of electronic and paper-based, there is simply no excuse not to harness this insights to ensure communications are truly targeted, which in turn makes them effective and powerful.”

The industries viewed as currently sending the most relevant communications to consumers are the public sector (39 per cent), financial services (37 per cent), utilities (45 per cent) and healthcare (32 per cent). With the exception of utilities, these industries were similarly seen to be the most trustworthy handlers of customer data. However, no single sector is viewed positively by more than half of consumers, which goes to show significant work still needs to be done by brands across all industries to bring confidence in their customer communications up to scratch.

“Businesses across Ireland have to streamline how they manage, distribute and collect data to ensure consistency across all channels. Information provided by customers should be used to create promotional offers and updates that are not only personal to the consumer, but also highly relevant to them. This results in the customer feeling truly valued, which ultimately drives loyalty and tangible benefits to the business,” concluded Moloney.

[Photo: Chas Moloney, director, Ricoh Ireland & UK]
Data breach four-times worse than CEO quitting – BT study

New research undertaken by Amárach for BT Ireland has shown that a company’s data protection is priority No 1, with a data breach considered four-times worse than a CEO quitting.

The likelihood of a company suffering a data breach has increased tenfold in today’s age of heightened cyberattacks and an abundance of devices connected to the internet of things (IoT).

In the last few days alone, three hospitals in the US have been the victims of ransomware attacks, with attackers demanding cash to allow the hospital’s IT staff to gain access once again to their servers.

A recent poll conducted for BT Ireland has highlighted that data protection concerns are shared by both those at the coal face of a company’s security operation, and by those at the highest level of the company as well.

Data protection more important than financial health

The poll, of 115 senior Irish IT decision makers in companies with an average employee size of 300 staff, showed that fear of a data breach is now the biggest worry for a company, four-times bigger than the sudden departure of an influential CEO.

Likewise, of those polled, 67pc said they believe that a company’s statements to investors should specifically address data management capabilities in the future and, additionally, 62pc said they believe that future investors will use data management capabilities to assess a company’s financial health, just as they do with profits and assets currently.

Shay Walsh, managing director of BT Ireland, said of the study’s findings: “Our research reveals that Ireland’s savvy IT leaders recognise and understand the need for their employers to invest in the right infrastructure now that will enable them to better manage and extract value from data and, ultimately, protect themselves from serious data management risk in the future.”

Has your mouse been hacked?
Wireless mice and keyboards are prime for hacking, with a “massive vulnerability” leaving “billions” of devices at risk, according to a new report.

US cybersecurity company Bastille claims to have found the issue, calling it MouseJack, which sounds pretty cool, with the company saying the vulnerability is massive.

Manufacturers like Logitech, Dell and Lenovo are namechecked as those affected by the issue, but most non-Bluetooth wireless dongles are vulnerable.

Basically, hackers can take over a computer through a flaw in the dongles. Once paired, the MouseJack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data.

The attack is at the keyboard level, therefore, PCs, Macs, and Linux machines using wireless dongles can all be victims.

“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organisation’s network,” said Chris Rouland, founder and CTO of Bastille.

MouseJack, an IoT nightmare

Take a step back from the millions of laptops around the world, and think of where we’re all going. An IoT world means tonnes more interconnected devices, tonnes more wireless interconnected devices. So, if what Bastille found is as bad as it says, we could be in a bit of bother.

“The MouseJack discovery validates our thesis that wireless IoT technology is already being rolled out in enterprises that don’t realise they are using these protocols,” said Rouland.

“As protocols are being developed so quickly, they have not been through sufficient security vetting.”

Bastille says the top 10 wearables on the market have already been hacked, an ominous sign for those operating below that threshold.

What’s worrying is the large amount of wireless mice and keyboards that can’t be updated, thus rendering any hope of a patch useless.

“Consumers will need to check with their vendor to determine if a fix is available or consider replacing their existing mouse with a secure one,” said the company, with www.mousejack.com set up to help with this.
Data Solutions Survey finds 20% of Irish businesses have been held to ransom

• Despite this 93% say they would never pay a ransom
• 80% of businesses upgraded IT security in past year due to rise in cyberattacks
• 55% expect to spend more on cyber security in 2016 than last year
• More than 40% consider brand and reputation damage the biggest concern of an attack
• Less than 10% are ‘absolutely confident’ their information security measures are effective
• Full survey results to be announced at Data Solutions’ Secure Computing Forum on 12th May.

Data Solutions, the leading Irish distributor for IT solutions, has revealed the results of its 2016 Information Security Survey. The survey found that 20% of Irish businesses have fallen victim to ransomware attacks, a serious form of cybercrime that sees hackers hold a business’ sensitive and critical data for ransom. Despite the serious nature of such an attack, 93% of respondents stated that they would never pay a ransom to hackers.

The survey was carried out in association with TechPro magazine among 137 senior IT decision makers in Irish businesses during February and March 2016. The full results of the research will be revealed at the Data Solutions Secure Computing Forum taking place in the Mansion House, Dawson Street, Dublin 2 on 12th May.

In a clear sign of the changing landscape of information security, and increased awareness of the threat of cybercrime, the survey also found that 80% of businesses upgraded their IT security in the past year, and that more than 55% of companies expect to spend more on security measures in 2016 than they did in the previous year.

Despite this growing awareness, less than 10% of respondents stated that they were ‘absolutely confident’ that their information security measures are effective. More than 40% said that they considered brand and reputational damage to be the main risks of a data breach with just 0.8% saying they would consider job loss their primary concern. Brand protection from cybercrime will be an important discussion point at this year’s Secure Computing Forum.

Other notable stats highlight that businesses are concerned about the risk of data loss or disclosure as a direct result of cybercrime, with 55% stating that this was their main concern. Other causes of concern were DDoS attacks – which recently plagued Irish government and public sector websites and the national lottery – social engineering and data destruction.

Although almost half of respondents stated that they were concerned about attacks through the supply chain, nearly a quarter (23%) do not build specific requirements for information security into the contracts of third party suppliers. This is a 12% increase from last year’s research, and highlights that businesses are at even higher risk of a breach in the supply chain, the cause of many high profile breaches such as the attack on retail giant Target.

Micheal O’Hara, group managing director, Data Solutions, said: “The results of this survey present an interesting and worrying picture of the current state of the Irish information security landscape and the approaches being taken by companies to protect themselves. The Secure Computing Forum will focus on where Irish businesses are falling short and what they need to do to ensure their infrastructure is safe.

“The fact that 80% of businesses are upgrading and changing their security infrastructure is reassuring, but it begs the question what are the other 20% doing? Cybercriminals are forever changing their approach and businesses need to constantly adapt to keep up.

“93% say that they would never pay a ransom, but faced with the reality of an actual ransomware attack I think you’d find most would. Every business has sensitive or mission critical data and ultimately it would come down to a business decision if that was under threat. Less than 10% have complete confidence in their information security measures and this highlights the pressing need for companies to take the threat of these and other forms of cyberattacks more seriously.”

Tickets for Ireland’s largest annual IT security event the Data Solutions Secure Computing Forum are available at http://securecomputingforum.ie/. The event takes place in the Round Room at the Mansion House, Dawson Street, Dublin 2 on 12th May.

[Photo: Pictured at the announcement of the 2016 Data Solutions survey results are: (l-r) Michael O'Hara, managing director, Data Solutions, and David Keating, security sales manager, Data Solutions.]
Ward Solutions predicts €1.2M revenue from new ISO 27001

• Ward is first and only provider in Ireland recognised as an ISO 27001 Associate Consultant Partner by the British Standards Institution
• Ward invested €50,000 in training staff for certification

Ward Solutions, Ireland’s leading information security provider, today announces the launch of its new ISO 27001 consultancy service. It is forecasting that this service will lead to new revenues of €1.2M from its security consultancy business within the next year.

The launch of the new service follows Ward’s investment of €50,000 in ISO 27001 certification training for staff. More than ten of Ward’s employees are now ISO 27001 accredited, and the provider has now been recognised as an Associate Consultant Partner by the British Standards Institution (BSI), the organisation that oversees the certification process.

This partnership distinguishes Ward as the first and only information security provider in the Republic of Ireland certified to offer ISO 27001 consultation services to organisations hoping to receive the accreditation. Ward Solutions will be identified to new customers by the BSI as a specialist that can help with the certification procedure.

Ward Solutions will offer two forms of consultation. The first will be for organisations testing if they are ready to be assessed by the BSI, and will consist of a review by Ward to establish this. The second will be offered to companies in the early stages of preparation towards becoming ISO 27001 compliant. Ward Solutions will offer these companies comprehensive step-by-step consultancy through the complex accreditation process.

Pat Larkin, CEO, Ward Solutions, said: “Irish enterprises and government bodies are increasingly making ISO 27001 accreditation a mandatory requirement to work with them as part of their supply chain assurance. As the only company in Ireland to be recognised as an Associate Consultant Partner by the BSI, Ward Solutions can provide clients with unique guidance towards accreditation, something that will provide us with a strong competitive advantage in Ireland.

“This new service will also allow us to grow our security consultancy business significantly over the next year as we forecast new revenues of €1.2M from this service alone. Our pipeline is very strong as a large number of new and existing customers are looking to become accredited this year.”

John Whyte of the British Standards Institution said, “Prior to last year we didn’t have any ISO 27001 Associate Consultant Partners in the Republic of Ireland and we’re delighted to offer this to Ward Solutions. This accreditation highlights Ward’s in-depth and unique expertise in the Irish market to provide consulting services to companies seeking to become ISO 27001 compliant.”

“ISO 27001 is the international benchmark for information security management systems. It offers a way for companies to set themselves apart from their competition by exceeding the industry standard. Ward’s new consulting service will remove the complexity associated with achieving this standard and will enable more Irish organisations to become ISO 27001 compliant.”

[Photo: Pat Larkin, CEO, Ward Solutions.]

About Ward Solutions

Ward Solutions is Ireland and Northern Ireland’s largest information security provider with offices in Dublin, Belfast and Ennis. It provides a comprehensive range of security services including security auditing, consulting, incident response, secure managed services and software development services. It has the largest team of information security specialists in Ireland providing a highly responsive service to more than 300 leading private and public sector organisations. www.ward.ie

About BSI

BSI (British Standards Institution) is the business standards company that equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. Formed in 1901, BSI was the world’s first National Standards Body and a founding member of the International Organization for Standardization (ISO). Over a century later it continues to facilitate business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated. Renowned for its marks of excellence including the consumer recognized BSI Kitemark™, BSI’s influence spans multiple domains including Aerospace, Automotive, Built Environment, Food, Healthcare and IT. With 80,000 clients in 182 countries, BSI is an organization whose standards inspire excellence across the globe. To learn more, please visit www.bsigroup.com
MHC Tech Law: What will the General Data Protection Regulation mean for business?

Mason Hayes & Curran introduces the General Data Protection Regulation, which was agreed upon at the end of last year, and looks at what it will mean for businesses.

In December 2015, three years after the first draft was proposed, and almost 20 years since the Data Protection Directive was adopted, EU lawmakers came to agreement on the reform of data protection law. The new General Data Protection Regulation (GDPR) was agreed upon and is currently in the process of formalisation and translation.

The General Data Protection Regulation is expected to come into force in 2018. Let’s take a look at this piece of legislation and some of the implications for businesses.

What is the General Data Protection Regulation?

The GDPR will replace the current Data Protection Directive.

As a Regulation, and unlike the preceding Directive, it applies directly. This means that the GDPR does not need to be implemented through each member state’s national law. This should reduce the level of national variation in relation to data protection law, though it will not eliminate it entirely, as member states retain some discretion in certain areas.

The GDPR will comprehensively regulate data protection throughout the EU (with the exception of data processed for law enforcement purposes). The GDPR builds upon familiar concepts and rules in the Data Protection Directive, but in many ways it goes further. It has wider scope, standards have been raised, and sanctions are much higher.

What does it mean for businesses?

With a greater level of harmonisation of laws across the EU, it should be easier for businesses that sell goods or services across the EU to take a unified approach in multiple EU states. However, the compliance burden is generally greater than that currently in place, so many organisations will have to review and enhance their existing practices.

In particular, the introduction of the ‘accountability’ principle means that affected organisations will have to work on their internal compliance, including record keeping and, for some, the appointment of a data protection officer.

Businesses have some time before the GDPR comes into effect. However, getting to grips with a new compliance framework takes time and, when developing any new products or projects, an eye should be kept to the future.

Why is it important?

The GDPR represents the future of the regulation of data protection in the EU. It is particularly important for two reasons. First, the GDPR has a very wide scope and will capture both data and companies that previously fell outside the realm of EU data protection regulation. Second, the potential fines under the GDPR are extremely high.

The GDPR provides for a two-tier system of fines, depending on the type of non-compliance. For the lower tier of offences, a fine up to the higher of €10m or 2pc of the organisation’s total worldwide annual turnover in the previous year may be imposed. The lower tier of offences includes breach of privacy by design obligations, the rules relating to processor contracts, record-keeping obligations and processing security requirements.

For the upper tier of offences, there is potential for fines up to the greater of €20m or 4pc of the organisation’s total worldwide annual turnover in the previous year. Offences that attract the higher level of sanction include breaches of the basic principles for processing, including conditions for consent, infringing data subjects’ rights and unlawful transfers to countries outside the European Economic Area.

For group companies, the percentage fine seems to attach to the turnover of the group, not just the individual company in question. For large multinationals, this is a particularly significant deterrent.

There are a number of factors that the data protection authority must consider when deciding the amount of the fine to be imposed, including:
• The nature, seriousness and duration of the infringement
• Whether the infringement was intentional or negligent
• Actions taken to mitigate the damage suffered by data subjects
• Relevant previous infringements
• Whether the wrongdoer co-operated with the data protection authority
• The categories of personal data affected.

[Photo: Under the GDPR, a failure to adequately protect data could lead to large fines.]

What next?

As the finalisation and translation of the GDPR is currently in progress, we can expect the GDPR to be formally adopted in the coming months.

The Article 29 Working Party (the group of EU data protection regulators) has released a statement indicating that its priorities will be:
• Setting up the new European Data Protection Board. The Board will replace the Article 29 Working Party and have an enhanced role under the GDPR
• Preparing the one-stop shop and consistency mechanism.
• Issuing guidance, in particular on data portability, the notion of ‘high risk’ and data protection impact assessments, data protection officers and certification.
• Communication relating to the new European Data Protection Board and the GDPR.
Atlantic Bridge Capital confirms a new €140m fund for tech companies

Atlantic Bridge Capital has confirmed the first close of Atlantic Bridge III, a €140m fund for technology companies with the potential to scale globally in the areas of big data, internet of things (IoT), robotics and cloud computing.

The Dublin-based fund will invest in up to 20 European companies. Investments are already closing in seven companies.

The fund will focus on scaling Irish and European companies in high-growth enterprise technology sectors such as cloud, big data, augmented and virtual reality software, robotics and IoT.

“We already have a number of pipeline investments identified for the fund and are confident that this will build on the track record of success of our previous Funds,” explained Brian Long, managing partner of Atlantic Bridge.

“As a growth equity stage fund, Atlantic Bridge III will focus on taking companies with a solid and exciting business model to the next level, scaling them into key international markets like the US and China.”

[Photo: Brian Long, managing partner, Atlantic Bridge Capital, with Minister for Jobs, Enterprise and Innovation Richard Bruton, TD, and Kevin Sherry, executive director at Enterprise Ireland. Photo: Maxwell Photography.]

Participants in the new fund include existing Atlantic Bridge investors, the Ireland Strategic Investment Fund, Enterprise Ireland and the European Investment Fund, along with new institutional investors, including British Business Bank Investments Limited, the commercial arm of the British Business Bank, and a number of institutional pension funds.

The project is supported by the Department of Jobs through Enterprise Ireland. AIB is also a new investor in the Atlantic Bridge III fund.

In February, we reported that the organisation was close to closing a major fund.

Atlantic Bridge Capital is a global technology fund with more than €400m of assets under management across four funds, investing in technology companies in Europe. Headquartered in Dublin, it has offices and staff based in London, Silicon Valley, Beijing and Hong Kong.

Using its international platform and “Bridge model”, the venture capital firm has scaled a range of European companies into the US and Chinese markets.

Examples of scaled Atlantic Bridge portfolio companies include Movidius, FieldAware, PolarLake, Metaio, Swrve and Glonav.

Atlantic Bridge currently has more than 20 companies in its funds’ portfolio and has achieved 12 realisations with proceeds totaling over €1.7bn.

“The Atlantic Bridge model of connecting Irish technology companies with key global markets makes it a key component of the funding landscape and we are excited to continue our partnership with Atlantic Bridge for Fund III, following the strong performance achieved by Fund II,” said Eugene O’Callaghan, director of the Ireland Strategic Investment Fund.

“This investment aligns with our dual objectives of generating economic impact and financial returns and we look forward to seeing it support rapidly growing Irish companies in accessing customers, investors and partners in global markets in the US, China and Europe.”

[Photo: Dublin's Atlantic Bridge has closed a major fund worth €140m which it will use to invest in companies in cloud, big data, robotics and internet of things.]
Deciphering the puzzling future of data security

From hackers to unencrypted smartphones and the spectre of full-scale cyber warfare, the future of data security is set to be a complex one that will affect us all.

What is the future of data security?

The question is both naïve and unfathomable. Asking the question in the first place means being ignorant of the reality that the battle between victims and those who threaten us is a neverending one. There will never be a full stop.

The World Economic Forum named cyberattacks one of the greatest threats to businesses and ranked it as a risk higher than terrorist attacks, explained Theresa Payton, who was CIO for the White House during the Bush administration from 2006 to 2008 and is now one of America’s leading cybersecurity experts and CEO of Fortalice Solutions. “The world’s leaders know that attacks on private sector companies will damage a country’s economic wellbeing,” she said.

In February 2016, US president Barack Obama gained Capitol Hill support for a budget increase of $5bn in additional cybersecurity spending. This brings the cybersecurity budget to $19bn in 2017 for the US government. “President Obama said that data breaches and cybercrime are, ‘among the most urgent dangers to America’s economic and national security’,” explained Payton.

‘Backdoors are bad ideas. Weakening encryption is an old-school argument and I’m not sure that’s even what the FBI wants’
– Theresa Payton, Former White House CIO

[Photo: Theresa Payton, former White House CIO and CEO of Fortalice Solutions]

“Up until recently, most data breaches did not result in a long-term financial impact on the victim. Once the victim cleaned up the breach and accounted for expenses, usually stock prices or market reputation returned to previous levels. The status quo will change and the financial impact going forward is very real and morphing with today’s threats,” she warned.

Payton cited IBM’s latest study, which revealed the average cost of a breach rose to $3.8m in 2015. A recent study by SkyHigh Networks asked companies if they would pay cyber-criminals in the event of a ransomware attack and almost 25pc said yes, and 14pc of those said they would pay more than $1m to get their data back.

Under constant threat

Terry Greer-King, the director of cybersecurity at Cisco UK and Ireland, revealed that there are 3bn Google searches daily and 19.7bn threats detected in the wild every day. The tech sector is trying to pare down the current industry benchmark for threat detection but, at the moment, the bad guys have an average of 100 days to do their worst before a threat is discovered. Considering that the world in 2030 may have 500bn connected devices through the evolution of the internet of things (IoT), the threats are only going to skyrocket.

“We are now in the realm of shadow IT where the internet and devices from fridges to phones and thermostats are all connected to clouds of clouds, and organisations don’t know what apps employees are downloading, and businesses are buying services without talking to IT,” said Greer-King. “The truth is IT can’t control any bit of technology anymore.”

Paraphrasing Cisco chairman John Chambers, Greer-King added: “There are only two organisations in the world today: those that have been hacked and those that don’t know they’ve been hacked.”

[Photo: Terry Greer-King, Cisco’s European expert on IT security.]

According to Cisco’s Annual Security Report for 2016, cyberattacks continue to be a profitable business for cyber-criminals, who are refining the way they attack back-end infrastructure.

Last year, Cisco, with the help of Level 3 Threat Research and Limestone Networks, identified the largest Angler exploit kit operation in the US, which targeted 90,000 victims every day and generated tens of millions of dollars a year by demanding ransoms off victims. Cisco estimates that, currently, 9,515 users in the US are paying ransoms every month, amounting to an annual revenue of $34m for certain cybercrime gangs.

The public face of a breach

Greer-King explained that 60pc of the “bad stuff” occurs within the first few hours of an attack happening, when the cyber-thieves gain access to a company system and accounts get stolen or compromised. But remember, the industry average for detecting a breach is 100 days, long after this damage has been done.

At the rate at which attacks are accelerating, it is going to be a case of when, and not if, an organisation’s capacity for crisis management will be tested. How an organisation reacts in the first 48 hours of detecting an attack or breach will be revealing, not only for customers, but employees and shareholders alike.

“It is like that old military analogy: even the best-laid plans fall apart after the first five minutes of contact. Cool heads are important and, unless people are tested and attacks are simulated, you will never know what is going to happen in the heat of the moment,” said Kris McConkey, PwC’s partner-in-charge of cybersecurity.
‘It is like that old military analogy, even the best-laid plans fall apart after the first five minutes of contact’
– KRIS MCCONKEY, PWC

[Photo: Kris McConkey, partner-in-charge of cybersecurity, PwC]

Evidently, the march of technology is creating chaos for CIOs and CSOs to keep on top of, but the narrative is changing. CEOs and boards are now the fall guys rather than IT professionals. McConkey posited that cyberattacks are now a boardroom issue, citing the high-profile attack on Talk Talk’s servers last year.

“In the UK, breaches like [the Talk Talk breach] have seen the CEOs of companies suddenly propelled onto [current affairs show] Newsnight and radio shows,” said McConkey. “This was a seminal moment because it made boards realise that breaches are no longer something that can be offloaded to the chief security officer, but it is actually the boards themselves that are on the spot when things can go wrong.”

You are the weakest link

Ultimately, the triggers for the biggest attacks and vulnerabilities are people. No matter what elaborate security defences are put in place, Accenture’s Bill Phelps explained that it is people – AKA the ‘wet firewall’ – who let the intruders in.

“There were con artists long before technology was ever on the scene,” said the managing director and global lead for Accenture Security, who tracks a natural evolution from this to the infamous emails from Nigerian royalty and, today on social media, where users try to persuade others to transfer money. “Today, we are seeing mid-level executives being conned into allowing the bad people in using phishing attacks.”

‘100pc defence is impossible, but it is good to constantly test yourself against mock adversaries’
– BILL PHELPS, ACCENTURE

[Photo: Bill Phelps, managing director and global lead for Accenture Security.]

Even senior US government officials who ought to have been at the pinnacle of awareness and protection – such as the head of the CIA, John Brennan – were compromised and embarrassed by amateur hackers. Individuals, as well as businesses, need to be street smart, but also realise they can’t protect everything.

“The battle space is so vast and takes in every person and organisation,” said Phelps. “There are criminal gangs out to steal your information or credit card numbers. Organisations are staving off industrial espionage and front-running trading. There are attacks on banks just to understand M&A activity, and all of this is very specialised.”

And yet, all of the sophisticated defences in the world can still be undermined by a human weakness, like falling prey to a spear-phishing attack.

“It is an asymmetrical problem in which the defender has to close every loophole, but the attacker has to only find one way in. 100pc defence is impossible, but it is good to constantly test yourself against mock adversaries.”

The devil is in the data

Mark Hughes, president of BT Security, said he believes organisations need to prioritise what it is they are trying to defend rather than locking down everything. He warned that the era of security beyond the firewall will require granular controls and privileges that define who can do what with the data and where they can go with it.

“We are at a juncture where there is only a nuanced understanding of the differences between sophisticated and unsophisticated attacks,” he said. “Organisations are often so busy trying to protect against mainstream, everyday malicious activity that they are unprepared for the more sophisticated targeted attacks.”

‘Organisations are often so busy trying to protect against mainstream, everyday malicious activity that they are unprepared for the more sophisticated targeted attacks’
– MARK HUGHES, BT SECURITY

[Photo: Mark Hughes, president, BT Security.]

The head of enterprise at Dropbox, Ross Piper, is responsible for driving the US company’s growth in the enterprise market, building on its presence in 97pc of Fortune 500 companies. Like Hughes, he believes the perimeter is no longer the defensible part of the network. It’s all about the data.

Cloud services like Dropbox allow everyone from small teams of creators right up to thousands of individuals in a corporation to collaborate and share data on any device. In the past, this would have given a CEO or CIO a heart attack, but the productivity benefits and the inherent security to protect data in the cloud have evolved in ways that could frustrate attackers.

‘This is a precursor to a fundamental shift in security models that we’ve been talking about for decades but which is finally coming to fruition’
– ROSS PIPER, DROPBOX

[Photo: Ross Piper, head of enterprise at Dropbox.]

“If you take a 400MB video as an example. What we do when a user saves that into Dropbox is we actually break that into a hundred 4MB file blocks. Each of those file blocks is individually encrypted. They are stored at random within the storage service with 1bn new files per day. Imagine 1bn files – that’s well more than 10bn file blocks,” Piper explained.

To illicitly access a specific file on this service, a hacker would have to get through the encryption tunnels, find the right 100 4MB blocks amongst tens of millions of file blocks saved that day, and individually unencrypt each one of them. This intelligent breaking up and sequencing of blocks of data represents the future of security in the cloud.

“This is a precursor to a fundamental shift in security models that we’ve been talking about for decades but which is finally coming to fruition,” said Piper.

Protection vs privacy

It’s not just the growth of data that concerns security professionals and consumers, but the growth of data-collecting devices. “More devices will simply mean more ways to attack. Nothing is going to be safe,” said Cisco’s Greer-King. “There will be sensors everywhere to collect data, connect cities and ultimately change the way the world operates. But not every data point, not every sensor, will have a firewall.”

With the advent of IoT and machine-to-machine (M2M) technology, threats against seemingly harmless consumer and industrial devices are already accelerating. According to PwC, the number of attacks on embedded IoT devices among companies it surveyed increased 152pc in 2015, yet only 36pc of these companies had a security strategy for IoT.
‘We have smart TVs that we didn’t realise had microphones built in. They are invisible to us and we don’t know who captures this data and what it is being used for’
– DR DIRK PESCH, NIMBUS CENTRE

[Photo: Dirk Pesch, head of the Nimbus Centre, CIT.]

Dr Dirk Pesch heads up the Nimbus Centre at Cork Institute of Technology, where more than 80 researchers are working on the future of the internet of things. He believes the Stuxnet attack on industrial SCADA control systems in nuclear plants foreshadowed the world that is to come, but instead of factories and utilities being attacked, it will be the systems we invite into our homes.

Pesch offered the example of remote meter readings, where an M2M device with a SIM sends your data to the electricity or water company. “If hackers know what they are doing and can breach the system, it won’t take long for an attacker to know if your house is occupied or not,” he said.

“We have smart TVs that we didn’t realise had microphones built in. They are invisible to us and we don’t know who captures this data and what it is being used for. There are huge issues of privacy ahead.”

How the information stored on the multitude of personal devices set to occupy our homes in the future will be treated could well be defined by the outcome of the present legal wrangle between Apple, the FBI and the US Department of Justice. The San Bernardino iPhone case could be the defining issue of our age, technologically and personally, but former White House CIO Payton said the issue may not be resolved to the satisfaction of Silicon Valley.

“This is historic. The decision that comes out of this ultimately decides how we fight terrorism in this country,” she said.

Payton said she thinks it is important to note that other industries compelled by a court order to produce records have implemented methods of compliance. “The banks had to create processes and systems to respond to anti-money laundering requests and more. The phone companies have had to create ways to respond,” she explained.

While Apple CEO Tim Cook described the opening of backdoors into encrypted devices as the “software equivalent of cancer”, offering no guarantee that the keys will remain in the hands of the so-called good guys, Payton had a different view of this analogy.

“Backdoors are bad ideas. Weakening encryption is an old-school argument and I’m not sure that’s even what the FBI wants,” she said. “The FBI is not asking Apple to unlock the phone or to create a master key to use to unlock all phones. What the FBI is asking for is for Apple to remove a barrier, to remove one step, so the FBI themselves can attempt to unlock the phone.”

Non-stop security

[Photo: Tim Cook, CEO of Apple.]

It’s no surprise that a smartphone has taken a central role in defining information security, as millions of people are now living their lives through these devices. With the evolution of mobile wallets, fingerprint biometric security – once seen as sci-fi – is now a reality, and companies from Amazon to MasterCard are experimenting with even more new ways to authenticate payments.

“Payment technologies have never been safer, but criminals have never been smarter,” said Bob Reany, executive president of Identity Solutions at MasterCard. “Most of us can agree that passwords are a real problem. People forget them often and it’s a pain to go through the retrieval process.”

Conceding that there is no silver bullet to fight fraud, Reany said MasterCard implements multiple layers of protection to protect users every time they pay. Following a trial in the Netherlands, the credit card brand is rolling out a selfie security system in 14 territories this summer, in an effort to move away from the prevalence of passwords.

“I wish passwords were passé!” said Payton, though she’s not yet satisfied with the proposed alternatives. “I am quite wary of biometric data until the vendor devices, the storage, and collection of biometrics are locked down and safe.”

And even if biometrics technology is a step in the right direction, it is likely cyber-criminals are already working on a way to circumvent it. “The moment we roll out selfie and big data, behavioural-based analytics for authentication, it’s time to go back to the drawing board to invent the next approach,” concluded Payton.

What makes Ireland the ultimate data centre capital of Europe?

We regularly hear that Ireland has established itself as the ‘data capital of Europe’, with many of the world’s largest tech companies basing data centres here, but what exactly do we know about them?

Ronan Harris, head of Google Ireland, recently described the country as the data capital of Europe and, going by industry reports, it’s hard to disagree.

Specifically, a detailed report published by global data analyst group 451 Advisors in 2013 predicted that Ireland’s data centre industry would overtake the UK and mainland Europe locations, with a growth rate of 18pc over the coming years.

What makes a good data centre?

One of the key reasons Ireland is seen as a good location in which to establish vast warehouses full of servers is down to the cold weather that many of us complain about on a regular basis. Additionally, you’ll find most Irish data centres clustered along the M50 motorway, which mirrors the route of the T50 fibre trunking system running from north to west Dublin.

While cooling and connectivity are essential for operations, there are other technical standards that apply to Irish, and indeed any, data centres.

For example, square footage and energy usage contribute to what standard a data centre finds itself in. One such standard scrutinised by potential clients is power usage effectiveness (PUE), which is the total facility energy divided by the IT equipment energy, with the most ideal score being 1.0.
5 tips to help protect your business from cybercrime

Businesses of all sizes are at risk from the ongoing threat of cyberattacks and the theft of sensitive data. George O’Dowd from Novi Technology details the risks businesses face from cybercrime and the steps they can take to protect their business.

Many businesses have fallen victim to security breaches without their knowledge. An ageing infrastructure and a growing trend in the automation of cyberattacks – making them smarter, harder to detect and more widespread – are contributing to the increasingly delicate security environment.

SMEs in Ireland are taking risks with their reputation and their ability to conduct their business by overlooking the dangers of cybercrime. A recent survey by Zurich Insurance revealed that nearly half of SMEs surveyed didn’t feel that they needed to protect their business against cyberattacks, despite listing data protection as one of their biggest concerns.

Small and medium-sized business owners need to become acutely aware that they are as likely to be hit with cybercrime as their bigger competitors but they are less equipped financially and operationally to absorb the impact.

Below are some of the ways criminals can gain access to your data – and what you should do to protect yourself.

1. Malware
Using malware, hackers can silently transfer your customer data or intellectual property to external servers where it is collected and sold for substantial gains. More often than not, employees provide access to systems by clicking on a compromised email or a disguised file download.

2. Unprotected systems
Criminals can also get inside your network by targeting security vulnerabilities on unpatched devices. Many businesses have fallen victim to ransomware, whereby company data becomes encrypted, leaving the business paralysed unless a ransom is paid to criminals for the unlocking key.
Nearly a quarter (23pc) of Irish organisations have been held to ransom by a hacker, and yet the vast majority (93pc) assert they would never pay a ransom.

3. Exposed Wi-Fi access
Poorly configured wireless access points are often an easy way to access corporate networks from outside the building, and in some situations guest access is not partitioned from internal systems, leaving company data exposed. Organisations, small and large, should implement more complex password policies that require passwords to be changed regularly.

4. Unsecured devices
Laptops should be encrypted and you should be wary of the devices you allow to connect to your internal wireless network.

5. Data storage
If you are using cloud-based service providers, ensure they are credible and that your data is encrypted and protected offsite. For online businesses it is important that you don’t store customer payment data on your servers, ensure servers are regularly patched and updated and consider implementing safeguards against distributed denial of service (DDoS) attacks. A DDoS attack consists of hundreds if not thousands of connections being made to your systems at the same time, causing them to become overwhelmed and unusable, which can lead to significant loss by forcing your website offline.

Firms need more focus on detecting IT attacks, event hears

The biggest information technology security challenge for companies is detecting and responding to threats, according to Rob Sadowski, director of marketing at security company RSA.

However, many businesses are still wrongly focused on outdated IT security tactics, trying to prevent attacks by using antivirus software and firewalls rather than aiming to detect inevitable intrusions and then prevent or contain damage, he said in an interview at the company’s annual RSA Security Conference in San Francisco.

“Defences are often built for yesterday’s IT,” he said.

“Companies are warming to that idea that it now isn’t if, but when, they will be attacked. But for that not to be a fatalistic point of view, what do you do?”

The goal is to have systems, and increasingly, well-trained IT specialists in the company that can recognise an attack when it is happening, and detect it as early as possible to limit loss, he said.

A recent survey of companies by RSA indicated three out of four organisations were “very dissatisfied with their ability to detect and investigate those threats,” Mr Sadowski said.
Zinopy launches 'inSIght'

To help organisations to manage, monitor and measure their IT Security posture and Systems performance.

For over a decade, Zinopy has been Ireland’s Market leading Solutions Advisor and Services Provider of Information Security and Virtualisation Technologies. We have used our experience and expertise to bring to the market Ireland’s first Managed Operational Service called “Zinopy InSIght”.

Zinopy InSIght has been designed to deliver Business Outcomes through Operational Excellence in both Information Security and Citrix Virtualisation.

Zinopy InSIght – Security Intelligence

John Ryan, CEO, Zinopy: “We recognised there was a gap in the market based on security skills shortage, rise in cyber attacks – in both sophistication and volume – and an increase in the complexity of today’s security landscape. Our managed security service is founded on Security Intelligence and Analytics and it provides organisations with full visibility of their network so that they can detect intrusions in real time and respond to breaches effectively”.

Zinopy InSIght – Systems Intelligence

Aidan McEvoy, Sales Director, Zinopy: “We have been Ireland’s Citrix Platinum Partner for over 10 years and have consistently invested in the best and brightest talent in the country; we are uniquely placed to offer a world class service to our customers.

“Our goal is to help our Customers deliver a consumer type experience to their IT users through the use of innovative tools, business oriented processes and an enthusiastic and experienced team of people with one common imperative - to deliver a great Customer Experience”.

The Zinopy inSIght Centre is based at our dedicated facilities in Dublin using industry-leading innovative technology, providing the backbone for Zinopy’s managed services.

Book your FREE consultation & demo with Zinopy to discover how our managed security intelligence service can keep your organisation secure.
Email: ibmsecurity@zinopy.ie stating code ZinopyISO-01

Contact Zinopy to discuss your business requirements:
Phone: 01-8976750
Email: info@zinopy.ie
Web: www.zinopy.ie
EXHIBITOR DIRECTORY SPONSORED BY

Arkphire & Edgescan
Tel: +353 (0) 1 207 5700
Email: rita.martin@arkphire.com
Website: www.arkphire.com

2015 was a year of serious security breaches; Arkphire with edgescan™ can help prevent you from getting hacked while continuously protecting your business and client data.

Edgescan™ is a Managed Security Service providing full stack coverage on both network and applications with continuous vulnerability assessment. It detects technical vulnerabilities and weaknesses before the hackers do. This is a hybrid offering as a managed service with human validation (edgescan™ security analysts) supporting customers globally. The combination of Arkphire’s ICT expertise with edgescan™ will provide an overall comprehensive solution to address the growing risk from insecure web applications and hosting environments.

Arkphire combines their Managed Service Managed Security Service offerings with edgescan™’s SaaS-based vulnerability management platform. The edgescan™ family offers advanced scanning technology with expert website and server security analysis, to enable customers to identify, prioritise, manage and remediate vulnerabilities. With a SaaS solution, customers can focus time and resources on the execution of other information security and ICT activities.

Of all the vulnerabilities discovered by in 2015, 63% could have been mitigated via patch, configuration and component management combined. Edgescan™ detects security weakness non-stop.

ISO27001 focuses on "continuous improvement", so does edgescan™. Talk with us today and feel free to measure your cyber resiliency and posture improvement with the edgescan vulnerability management service

Certification Europe Ltd
Tel: +353 (0) 1 642 9300
Email: info@certificationeurope.com
Website: www.certificationeurope.com

Certification Europe is an accredited ISO Certification Body serving a wide range of clients from SMEs, Multinationals and Government bodies. Certification Europe awards certification against a range of ISO Standards giving you a competitive advantage as well as driving quality, innovation & cost savings. ISO standards have helped companies open up export markets and increase brand recognition and prestige.

Proud of our expertise, we are considered an authority in Energy Management (ISO 50001), Information Security (ISO 27001), Environmental (ISO 14001), providing assessments as well as public and bespoke training courses in these areas.

We partner with our clients to ensure their ISO certification becomes a valuable asset. With headquarters located in Dublin, we have local offices in the United Kingdom, Italy, Turkey and Japan.

CloudAssist
Tel: +353 (0) 1 685 2556
Email: info@cloudassist.ie
Website: www.cloudassist.co

CloudAssist is a certified Microsoft Cloud Deployment Partner and is an Office 365 migrator for Microsoft Exchange and Sharepoint with a user-centric approach for improved Business Process efficiencies and cost savings while achieving ISO27001 level of IT security including digital signatures and Mobile Device Management (MDM).

We assist our clients to adopt the many cloud features of Office 365 and 3rd party add-ons so that their users are more connected both internally in the organisation and with external users such as suppliers, partners and, most importantly, their customers. Our aim is to help our clients to get the most of their investment in Office 365 by understanding the business needs and their own cloud readiness.

CloudAssist is eligible to provide Office 365 and SharePoint Deployment Planning services for clients with more than 50 users which is worth up to €3K towards their migration to Office 365 along with further grants for enterprises with more than 150 Office 365 seats and clients with Enterprise Agreements. CloudAssist is the Proud sponsor of the non-profit initiative, Just Social, (Social Tech donations for Irish Charities) which includes Microsoft Office 365

CalQRisk
Tel: +353 (0) 61 477 888
Email: enquiries@calqrisk.com
Website: www.calqrisk.com

CalQRisk was established to provide organisations with world class Enterprise-wide Risk Management software solutions, enabling them to identify and manage risks to the achievement of their objectives.

Using CalQRisk, our flagship product, we provide access for clients to an extensive knowledgebase of risks and associated controls allowing them to measure and improve their risk management capability. Our knowledgebase is the product of the experience and wisdom of over forty subject matter experts. It continues to grow as additional sectors are addressed.

Included in our rich knowledgebase are the risks and associated controls that would be expected to be in place in organisations that are ISO27001 compliant. If you are planning to seek accreditation to this standard you can carry out a self-assessment simply by answering the questions in our risk question sets. The CalQRisk Dashboard will quickly tell you those areas that need to be addressed to ensure you are compliant.

For tools to support your Governance, Risk and Compliance efforts contact us today.