Firms urged to empower staff to be first line of defence as half say they are expecting a cyber attack


Ailish O'Hora

Dr Jessica Barker says engagement is key for firms

More than half of Irish businesses expect a cyber attack on their operations by the end of 2017 and a third have already experienced one this year, according to a new survey.

Significantly, 84pc of businesses see potential attacks as a major threat to their operations, according to the Dublin Information Sec 2017 survey, which comes ahead of the eir-sponsored second annual cybersecurity conference on November 1.

While staff training to prevent such attacks is in place at over half of the companies surveyed, the human factor in cybersecurity will be explored further at the Dublin Information Sec event at the RDS.

According to Dr Jessica Barker, consultant and co-founder of Redacted Firm and a leader in the human aspect of cybersecurity, one of the key things that organisations can do is look at how they engage with the people who are working for them.

"Is their cybersecurity training effective? Are they measuring behaviours and whether the training is leading to positive behavioural change?" she said.

Dr Barker added that companies also need to consider how they balance rewards and punishments when it comes to cybersecurity. "For example, many organisations run phishing exercises, where they send out mock phishing emails to test whether people click on the links.

"Too often, when organisations do this, they focus on the negative result and how many people click the link.

"Instead, I would encourage organisations to focus on the positive result, how many people did not click on the link, as this is a more empowering and engaging approach," she added.

Cybersecurity need not always be so negative, she says.

"Phishing and spear-phishing emails are a big problem for many organisations so another practical step organisations can take is to add a 'report a phish' button in their email so everyone in the company has somewhere they can send suspected phishing emails."

While the results of the Dublin Information Sec survey show a growing emphasis on staff training in relation to cyber attacks, firms are ill-prepared for upcoming new regulations by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for individuals in the EU.

The General Data Protection Regulation (GDPR) rules come into force next May and failure to demonstrate compliance could mean fines of up to 4pc of turnover or €20m, whichever is the greater figure.

The results of the survey show that despite this, more than half of respondents said their company is not prepared for GDPR and 32pc said they were not aware of the implications of the new regulations.

On a broader scale, 91pc believed that Ireland is not prepared for a cyber attack on the State.

This is a growing phenomenon, with North Korea-linked hackers among the most prolific nation-state threats.

It is an issue that will be addressed by Jeanette Manfra, US Assistant Secretary for Cybersecurity, at the November 1 event.

Other speakers include Brian Honan, CEO of BH Consulting; Joseph Carson, cybersecurity strategist at Thycotic; Bradley C Birkenfeld, banker and whistleblower; and Daragh O'Brien, Castlebridge CEO.

Tánaiste and Minister for Business, Enterprise and Innovation Frances Fitzgerald will open the conference.

Dublin Information Sec 2017, Ireland's cybersecurity conference, addresses the critically important issues that threaten businesses in the information age. For more on INM's Dublin InfoSec 2017 conference, go to: independent.ie/infosec2017