From Reactive to Proactive – How Irish SMEs Can Get Ahead in Cybersecurity 

3rd October, 2024

Article by Michael Conway, Managing Director at Renaissance, created for Technology Ireland ICT Skillnet as part of the European Cybersecurity Month

From Reactive to Proactive - How Irish SMEs Can Get Ahead in Cybersecurity - image

Even if you only keep an occasional watch on the stream of news that flows through cybersecurity-focused web publications, it’s hard to miss that cyberattacks are endemic.

Some of the news stories even burst through to general news sites. A recent example of this breakthrough into mainstream news was the data breach announced by Ticketmaster’s parent company, Live Nation Entertainment. They announced in May that attackers had stolen details of 560 million user accounts.

This came at a particularly bad time for Live Nation, as the week before, the US Department of Justice had opened an anti-trust investigation into Ticketmaster. Issues with ticket sales and variable pricing shenanigans for several popular and oversubscribed music tours compounded their woes later in the summer. But that’s a topic for another blog. Or the pub!

Getting back to the cybersecurity aspect of the Ticketmaster data breach, it’s worth noting that their cyberattack was related to an attack on a cloud database supplier they used called Snowflake. Lots of other businesses were also breached and impacted by the Snowflake security breach.

One takeaway from the Snowflake breaches is that having your data stored by a third-party supplier does not mean you can forget about data security. This is true for SMEs as well as large enterprise organisations such as Ticketmaster or Santander (who were also impacted by the Snowflake security failures.

The Cybersecurity Threat Landscape in Numbers

If you are a leader in an SME, you’re unlikely to have cybersecurity and the threats facing your organisation as your primary focus. Depending on the size of your business, you may have an internal IT team tasked with delivering cybersecurity. Or you may have outsourced the delivery of cybersecurity to a specialist managed service provider (MSP). Even if you have an IT team, this could be the case.

As a leader in an SME, you need to treat cybersecurity as one of the core operational parts of the business. The threats are so severe (existential in worst-case scenarios) that you need to position cybersecurity alongside other essential business activities like disaster planning, finances, sales, human resources, and whatever else is core to the success of your business.

But just how severe is the threat from cyberattacks? There are many data sources available to quantify the problem. I’ll use data from the recent SonicWall 2024 Mid-Year Threat Report, although many similar sources are available. There is also a 3-page Executive Summary of the latest SonicWall report.

How Irish SMEs Can Get Ahead in Cybersecurity - article quote card 1

Titbits from the SonicWall 2024 Mid-Year Threat Report Data

Here are a few titbits from the data. You can read more in the full report.

  • SonicWall’s detector sensors detected 50 hours of attacks per week for an average firewall deployment.
  • Ransomware continues to be a major threat.
  • Other Malware types trended up by 30% from March to May 2024.
  • New malware variant detections averaged 500+ per day. A signal of attack gangs trying new attack techniques.
  • The attack methods that employed encryption as a way to hide from defences jumped by a whopping 92%
  • Supply chain attacks using linked partners and software delivery chains intensified.
  • Business Email Attacks (BEC) have hugely increased. One insurance company reported that there were 10 BEC attacks for every ransomware attack. Another sign of changing tactics by attackers.
  • New Phishing methods are appearing using things like QR Code hijacks.

This sampling, as well as data from many other sources, shows the scale and severity of the threats that businesses and other organisations face to their data and IT systems.

It’s not just large business and enterprise organisations who are the targets of cybercriminals. SMEs are also getting attacked. A recent survey published in April 2024 by the UK government showed that 70% of medium businesses had experienced a cyber security breach or other attack during the previous 12 months. Smaller companies are no longer off the radar of cybercriminals.

Indeed, there is evidence that SMEs are a top target for many attack gangs as they think that smaller businesses are less likely to have the cybersecurity protections that larger organisations have the resources to deploy.

Keeping Skills Current is Essential

Keeping current with threats and defending your organisation in the ever-changing security landscape is a full-time task. One for dedicated cybersecurity professionals. Even getting a handle on the threats at a particular point in time is a monumental task. Giving your cybersecurity teams, plus your staff more generally, access to top-notch training is vital.

As is working with external cybersecurity-focused managed service providers (MSPs), value-added resellers (VARs), and security solution vendors, as they have the staff with the skills and the time to focus on cybersecurity. Plus, working with external experts means you benefit from the experience that these cybersecurity experts have built over time across numerous clients.

Both training and using external expertise are key to getting the proper cybersecurity defences in place and having people with the skills to deploy and operate them.

Ongoing Cybersecurity Training

As you are reading this blog on the Technology Ireland ICT Skillnet website, I’ll assume you know who they are and the government-backed training they provide.

Given that Technology Ireland ICT Skillnet has the training aspect of the two elements needed to deliver security covered, I’ll turn to external experts. Thankfully, in Ireland, we are blessed with a vibrant ecosystem of cybersecurity service providers and vendors – both homegrown and as subsidiaries of European and Global companies.

At Renaissance, we partner with over 40 cybersecurity vendors to bring industry-leading security solutions to the Irish marketplace. Solutions that can be combined and deployed in myriad ways to build unique, multi-layered cybersecurity strategies tailored for each business or organisation.

How Irish SMEs Can Get Ahead in Cybersecurity - article quote card 2

Cybersecurity Frameworks Help Level The Threat Landscape

Cybersecurity defence needs to include a wide range of technical solutions, and their deployment must adhere to proven industry best practices if we are to prevent threat actors from hiding their activities in the threat terrain. A cyber defence strategy typically needs to include the following:

  • Advanced threat detection and response
  • Network Detection and Response (NDR) 
  • Endpoint Detection and Response (EDR)
  • Multi-factor authentication (MFA) 
  • Identity Management (AIM)
  • Privileged Access Management (PAM)
  • Zero Trust Network Access (ZTNA)
  • Data Encryption when data is stored or moving over the network
  • Continuous vulnerability assessment and rapid patching
  • Security Information and Event Management (SIEM) tool integration
  • Employee awareness training. Including things like phishing simulations
  • Incident response and business continuity planning

Cybersecurity frameworks are a way to tame the complexity encountered when designing and implementing a cybersecurity defence strategy. They provide guidance and advice built up over many years on the best way to deliver effective cybersecurity.

Examples of cybersecurity frameworks include:

EU NIS2 Directive – The EU Council adopted NIS2 (Network and Information Security 2) in January 2023 to establish a high common level of cybersecurity across the Union. NIS2 sets cybersecurity risk management measures and reporting obligations for critical infrastructure sectors. EU Member States must implement NIS2 into their national legislation by 17 October 2024. The directive aims to harmonise cybersecurity requirements, update the list of sectors subject to cybersecurity obligations, and provide remedies and sanctions for enforcement.

ISO 27001:2022 – The latest version of the internationally recognised Information Security Management System standard. It offers a risk management approach to information security and includes mandatory requirements covering organisational context, leadership, planning, support, operations, performance evaluation, and improvement. Key changes in the 2022 version include a restructuring of controls into four themes: Organisational, People, Physical, and Technological, and the addition of new controls addressing emerging concerns such as threat intelligence, cloud services security, and ICT readiness for business continuity. Implementing it involves defining the risk scope, conducting risk assessments, implementing security controls, and continuously monitoring and reviewing systems. By implementing this standard, organisations demonstrate their commitment to protecting sensitive information.

NIST Cybersecurity Framework (CSF) 2.0 – Developed by the US National Institute of Standards and Technology, CSF 2.0 provides a comprehensive approach to managing and reducing cybersecurity risk. The latest version from 2023 enhances guidance on governance, supply chain risk management, cybersecurity metrics, emerging technologies, and advice for smaller organisations. NIST built the framework around five core functions: Identify, Protect, Detect, Respond, and Recover, offering flexibility for organisations to adapt to their specific needs and risk profiles. While this is a USA framework, it has seen global uptake. It is useful for SMEs looking for a framework around which to build their security strategy.

MITRE ATT&CK Framework – The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework provides a comprehensive matrix of cyberattack tactics and techniques, detailed information on attackers’ operations, and a common language for describing cyber threats. It is valuable for organisations seeking to understand threat actor behaviours and improve detection and response capabilities. Many security tools have incorporated this framework for reporting on cybersecurity threats and incidents due to its helpful categorisations, which makes it simpler to communicate threats and attack information to people with diverse cybersecurity knowledge levels.

Final Thoughts

To counter the threats that we all face, everyone must work together to protect SMEs and other organisations. Leadership teams who do not focus on cybersecurity and other technical IT areas need to be as involved in the decision-making around cybersecurity strategies as the technical CTO, CIO, and other IT leadership.

Training from Technology Ireland ICT Skillnet, plus the use of skilled professionals in dedicated cybersecurity-focused service providers and solution vendors, can go a long way to building the shared defensive community that we need to navigate the 2024 threat landscape and beyond.

About the Author

Michael Conway is a founding director of Renaissance Contingency Services since 1987 and is Managing Director of Renaissance since the acquisition of Renaissance by Northamber PLC in July 2024. He has managed the vendor relationships with over sixty leading Global data security vendors, he is heavily involved in evaluating and on boarding new cyber and compliance technologies for delivery into Ireland, and is the founder of the Annual CyberExpoIreland and CyberConIreland events in Dublin. Michael is a Fellow of the Irish Computer Society and is a founder member of the Emergency Management Institute Ireland and an Honorary Fellow of the EMII

Tackle cyber threats with confidence

Cybersecurity skills are continually in high demand and cybersecurity specialists are needed now more than ever.

Learn More About Cybersecurity Courses with Technology Ireland ICT Skillnet
Click Here
Abstract background