Majority of firms now see cyber attacks as a major threat, says survey for Dublin conference
More than half of businesses expect a cyber attack on their operations by the end of 2017 and one-third have already experienced one this year, according to a new survey.
Significantly, 84% of businesses see potential attacks as a major threat to their operations, according to the Dublin Information Sec 2017 survey, which comes ahead of the eir-sponsored second annual cybersecurity conference tomorrow.
While staff training to prevent such attacks is in place at over half of the companies surveyed, the human factor in cybersecurity will be explored further at the Dublin Information Sec event held at the RDS.
According to Dr Jessica Barker, a leader in the human aspect of cybersecurity, one of the key things that organisations can do is look at how they engage with the people who are working for them.
"Is their cybersecurity training effective? Are they measuring behaviours and whether the training is leading to positive behavioural change?" she said.
Dr Barker added that companies also need to consider how they balance rewards and punishments when it comes to cybersecurity.
"For example, many organisations run phishing exercises, where they send out mock phishing emails to test whether people click on the links," she said.
"Too often, when organisations do this, they focus on the negative result and how many people click the link.
"Instead, I would encourage organisations to focus on the positive result, how many people did not click on the link, as this is a more empowering and engaging approach."
Cybersecurity needs not always be so negative, Dr Barker said.
"Phishing and spear-phishing emails are a big problem for many organisations, so another practical step organisations can take is to add a 'report a phish' button in their email so everyone in the company has somewhere they can send suspected phishing emails," she added.
While the results of the Dublin Information Sec survey show a growing emphasis on staff training in relation to cyber attacks, firms are ill-prepared for upcoming new regulations, by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for individuals in the EU.
The General Data Protection Regulation (GDPR) rules come into force next May and failure to demonstrate compliance could mean fines of up to 4% of turnover or €20m, whichever is the greater figure.
The results of the survey show that despite this, more than half of respondents said their company is not prepared for GDPR and 32% said they were not aware of the implications of the new regulations.
On a broader scale, 91% believed that Ireland is not prepared for a cyber attack on the state.
This is a growing phenomenon, with North Korea-linked hackers among the most prolific nation-state threats.
It is an issue that will be addressed by Jeanette Manfra, US Assistant Secretary for Cybersecurity, at the event tomorrow.
Other speakers include Brian Honan, CEO, BH Consulting; Joseph Carson, cybersecurity strategist at Thycotic; Bradley C Birkenfeld, and Daragh O'Brien, Castlebridge CEO.
The Republic's Tanaiste and Minister for Business, Enterprise and Innovation Frances Fitzgerald will open the conference.
Dublin Information Sec 2017, Ireland's cybersecurity conference, addresses the critically important issues that threaten businesses in the information age. For more on INM's Dublin InfoSec 2017 conference, go to: independent.ie/infosec2017