Irish businesses in fear of cyber attack, says survey
Lack of information and education on security and use of social media pose biggest risks
Dave Keating: “The security team feels there’s a lack of understanding or appreciation of the responsibilities of regular users of IT systems within organisations to be on the lookout for security incidents, what they look like, and what they should do when they see them.”
Irish businesses fear the threat of a cyber attack on their business, with a lack of information and education on security and the use of social media posing the biggest risks.
According to a survey carried out on behalf of Irish IT distributor Data Solutions, about half of IT decision-makers in Irish companies are concerned that an attack such as that suffered by Sony could be a threat.
But despite the risk more than 50 per cent said their company does not provide enough education on IT security.
This is the third year of the survey, and Dave Keating, security manager with Data Solutions, said the trend has been apparent for some time.
“People don’t know enough about it but at the same time organisations aren’t providing enough information about it. There’s a bit of an anomaly there.
“The security team feels there’s a lack of understanding or appreciation of the responsibilities of regular users of IT systems within organisations to be on the lookout for security incidents, what they look like, and what they should do when they see them.”
He compares it to a bag left alone in an airport or train station.
“Twenty or 30 years ago people would have done that and not thought twice about it; now if you see one it’s weird, and within a few minutes no one will go near the bag and someone will alert a member of the security team,” he said.
“What the security teams within organisations are saying is we need to do the equivalent for online communications. What does an unmanned bag look like in an IT context?”
That could be an unknown email address, an unexpected attachment or even a spoofed email address.
“There are telltale signs that maybe you are being hit with something that isn’t what it appears to be,” he said.
“The potential frustration from the IT team is that in most organisations they would put warnings out, but most people just want to get their work done.”
The growth of social media and cloud services is posing a threat for IT teams, the survey found, with 82 per cent of respondents to the survey worried that social media could result in an attack on their business.
“It’s just another vector for attack,” said Mr Keating.
“If someone is really zoning in on a company they can use social media to build a profile of how to attack them, build up a picture of the company. Another side is just pure data leakage, information that shouldn’t be allowed out.”
The biggest fear is data loss or disclosure, with 91 per cent of firms citing it as a concern. However, 60 per cent said they were concerned about data destruction, with just over half worried about insider misuse and 50 per cent concerned about phishing attacks.
While there are not many companies on the scale of Sony out there, Mr Keating pointed out there are plenty of large companies in Ireland, including many multinationals.
“There’s definite targets in Ireland,” he said. These could be the smaller firms that deal with multinationals, targeted as a route into the larger firms.
The survey questioned 171 senior IT decision-makers in Irish businesses in March.