Business Technology

Tuesday 26 September 2017

Ireland's new cyber bodyguards

A fast-growing pack of Irish firms and consultants are making a fortune protecting businesses from online attacks, says Sarah McCabe

Eoin Goulding
Eoin Goulding

Eoin Goulding's biggest problem is that his company is expanding too fast. Integrity Solutions has been forced to move office five times in the last decade as client numbers and employees swelled much faster than predicted.

It's not a bad problem to have, concedes the 38-year-old Goulding.

His business is the biggest indigenous company in the country's fastest-growing sector: cyber security. It helps Irish, and more recently UK, companies protect themselves from malicious hacks by criminals, helping guard their customers' data.

Founded by three friends a decade ago in a residential basement, today Integrity Solutions employs 125 people and generates revenue of €25m a year. Clients range from SMEs to multinationals, from hair transplant clinics to Vodafone and AIB - it handles the latter's entire cyber security needs on an outsourced basis.

"I have people contacting me about once a month asking if we are thinking about selling," says Goulding. "But I'd be stupid to get out now when we are growing at this speed. We could double the size of the business in three years. Plus, I love what I do."

Goulding is a serial entrepreneur, whose first business sold computer equipment from above a Boots pharmacy in the Dublin suburb of Rathmines. On top of his 80pc stake in Integrity Solutions - the company managed to expand without cashing in any equity - he owns an investment business and a media company, 256 Media, which publishes House and Home and Confetti magazine. No surprise then that he has just been shortlisted for this year's EY Entrepreneur of the Year Award.

Goulding is not the only one making a fortune from protecting companies' IT systems. With everyone from Ryanair to Revenue admitting they have been targeted by hackers and scammers, securing data is now a top priority for Irish CEOs - and the providers are reaping the benefits.

"Look at General Motors, one of the biggest companies in the world. It has just appointed a cybersecurity expert to its board," says Brian Honan of BH Consulting. "Nobody can afford to not take this seriously anymore."

His is one of a number of boutique Irish consulting firms dealing solely with IT security. At the other end of the scale, large accounting firms such as Deloitte and Grant Thornton and consulting groups like Accenture have also developed their own cybersecurity units to complement traditional units like tax and audit advice.

Cork, in particular, is emerging as a hotspot. Alongside a host of rapidly growing indigenous firms such as Ronan Murphy's Smarttech and Paul Ward's Ward Solutions, the 'real capital' is home to some of the industry's biggest names - Mandiant, McAfee, Intel and Trendmicro among them.

ESentire is another. The Canadian firm is establishing its European headquarters in Ballincollig, launching a state-of-the-art 'SOC' (Securities Operations Centre) where it will monitor traffic in and out of customers' systems in real time, with the aim of identifying attacks and problems as they happen. Integrity Solutions has a SOC too, at its HQ in Sandyford, Dublin.

ESentire doesn't deal in firewalls and antivirus software. "Those are great at catching yesterday's attacks, but today's cybercriminals are innovating," says Mark McArdle, the company's chief technology officer.

The average cyberattack isn't identified for 225 days and 70pc of businesses learn about it from a third party who notices something is wrong, rather than discovering the breach themselves. McArdle's clients can't afford that kind of vulnerability.

"Cork is building a global reputation as a cybersecurity hub," he continues. "We explored multiple European locations and what clinched it for us was talent; our primary requirement is access to a skilled workforce. We have a close relationship with Cork Institute of Technology and University College Cork. That same model of aligning ourselves with universities really worked for us in Toronto."

The regulators are getting involved too. The Central Bank recently began inspecting financial services companies to assess their ability to deal with cyber attacks. International credit card machine provider Elavon, whose Irish operation is based in Dublin's Cherrywood Business Park, is one company currently undergoing checks.

Those that fail the tests could face sanctions including fines, the disqualification of a member of company's management, or revoking a company's authorisation to provide financial services.

Forget social networks - all of this activity means cybersecurity is fast becoming the sector du jour for technology workers, says Honan. But fighting hackers from across the globe is not for the faint-hearted.

It's a field "that requires constant training, constant investment in people," according to Goulding. "We spend more on training than we do on marketing," he says.

"You are always having to skill up and adapt to what's happening, what hackers are doing. It's just like protecting your home - you can't just put a Chubb lock on your front door anymore when criminals are inventing new ways to get in every day."

While Ryanair is the latest Irish company to experience a major cybersecurity attack - last month the airline said it lost €4.5m after a Chinese criminal group managed to get access to its bank accounts - the most serious remains Loyaltybuild. In 2012, the Ennis-based loyalty scheme provider had sensitive financial information belonging to 90,000 Irish consumers stolen from its system.

"Everyone who handles customer data is vulnerable now," said Mike Harris, cybersecurity partner at Grant Thornton. "Everybody is getting hit. And only about 5pc of breaches ever make it into the media."

Those doing the hacking have become far more sophisticated too. "Attacks are very professional now. They are being performed by large criminal organisations who are hiring people to do this as a job. It is bigger than the international drugs market," Harris adds.

"They are industrialised, highly automated attacks coming from places like Russia and North Korea, where internet security laws are weak and foreign prosecutors have no hope".

One new trend emerging in Irish cybercrime attacks is social engineering, where hackers target the employees of a big company rather than their technology. "They might identify a person working with customer databases in a big telecoms firm, for example, using their LinkedIn or Twitter page," Gouldings says.

"Then they'll start emailing that person posing as a colleague in a subsidiary company, to establish a relationship. One day they'll email looking for the person's passwords, saying they need to access something - and bam, the database has been hacked.

"Or, if I were to drop a pile of USB keys in the car park of a big company - you can be guaranteed that a curious employee is going to pick it up and open it on their work computer, installing whatever malware I like."

"Humans are the weakest link," agrees Honan. "People buy expensive technology and think they are safe, but it's not enough. Training staff is so important. The hackers are targeting people now, not just their machines."

Sunday Indo Business

Also in Business