A Special Report is content that is edited and produced by the Special Reports unit within The Irish Times Content Studio. It is supported by advertisers who may contribute to the report, but who do not have editorial control.

The cyber threat landscape is morphing at its fastest rate in scale and sophistication

Recent ransomware attacks illustrate just how devastating cyberattacks can be on businesses not fully prepared to repel them

‘We are  constantly monitoring, assessing and responding to cyber threats directed towards HPE and implementing mitigating controls’

‘We are constantly monitoring, assessing and responding to cyber threats directed towards HPE and implementing mitigating controls’

 

Several of the world’s economic regions now consider cyberattacks and the subsequent business interruption as the greatest risk big business faces today.

Galway is the base for the Hewlett Packard Enterprise (HPE) security centre of excellence and the home of the Security Fusion Centre, of which the HPE cyber defence centre and Global Security Emergency Command Centre are functions. The site has the largest footprint of cyber professionals within HPE globally, with around 250 people working there. The company also announced 150 new high-tech jobs in Ireland in March 2021.

The mission of the cyber security organisation in HPE is to protect the company with world class, extensible security capabilities and advance HPE’s business objectives by effectively managing risk.

“We do this by constantly monitoring, assessing and responding to cyber threats directed towards HPE and implementing mitigating controls,” says Paul Brennan, director, Security Fusion Centre, HPE.

The Cyber Fusion Centre provides 24/7 coverage, 365 days a year, and this is achieved through rotating shift patterns.

HPE’s Global Security and Emergency Command Centre operations team based in Galway is responsible for physical security systems monitoring and alarm response; employee travel safety and security; critical geopolitical world incident monitoring and response; and support of global resiliency teams during crisis-management events.

Recent ransomware attacks are a great illustration of just how devastating attacks can be on businesses that are not fully prepared to repel and mitigate cyberattacks, Brennan says.

“Arguably the threat landscape is morphing at its fastest rate to date, and the levels of malware attacks are increasing in scale, speed and sophistication. Today the scale of a data breach is just massive – we used to worry about breaches of maybe 10,000 records, but now we’re talking about millions of records in a single incident.

“And cybercriminals are now using tools like machine learning to accelerate their attacks and the speed at which they exploit vulnerabilities.

Resources

“But perhaps the most alarming thing that has changed is sophistication. Today we’re dealing with hacktivists, nation-states and large cyber organised crime groups who have resources far beyond your average enterprise. They know how to cleverly disguise their attacks to trick even the wariest of employees into clicking, whether that’s emails carefully crafted to look like they’re from a supplier with an urgent inquiry or a C-suite exec promising your next bonus – right down to logos and signatures,” he adds.

And while hackers’ footsteps used to be easy to spot today cybercriminals are using more nefarious techniques to cover their tracks – or even make it look like attacks are coming from someone else.

“In fact today hackers are packaging up and selling threats as software services, complete with subscriptions, updates, customer support and guarantees of numbers of infected devices. The cybercrime economy is just so formalised and structured that today you don’t even need to know code or need to be a smart hacker to launch a formidable attack – you just need enough motive and money.”

Across the world cybersecurity talent remains at a premium, and in some instances is unattainable as there is currently negative unemployment in the sector. “To tackle this as we build our cyber team and our future pipeline, we focus our efforts on building new talent alongside expanding the skillset of our own subject matter experts,” Brennan says.

To that end Hewlett Packard Enterprise’s cybersecurity team has partnered with a number of third-level institutes along the undergrad, post-grad and PhD level security modules/courses.

“This initiative is really helping us grow a future talent pipeline across the full spectrum of job levels whilst demonstrating to our existing employees that we are heavily invested in building out their cybersecurity careers with HPE.

Education institute

“Currently 30 per cent of our current cybersecurity employees have completed or have commenced a sponsored MSc in cybersecurity from an Irish higher education institute, subsidised by the Irish government, with the rest paid by HPE.

“As we’ve grown our cyber operations in Galway we’ve both successfully upskilled traditional IT operatives plus recruited graduates from cyber (and non-cyber) technical backgrounds.

“Companies can’t afford to wait around for the perfectly well-rounded, seasoned cyber professional because the truth is they don’t exist – so we strongly believe that you must be willing to invest in fostering and training this talent both internally and externally,” says Brennan.