Cork businesses and individuals urged to 'stay informed' about latest cyber threats

Detecting and defending against developing cyber threats is a constant challenge faced by businesses and individuals across Cork.

This is underscored by recent research from insurance broker and risk management company Gallagher, that revealed 40% of Irish businesses have been targeted by at least one cyber attack over the last five years — with 88% of these suffering some level of financial loss as a result.

Speaking to The Echo, Cork-based Will O’Brien, director of cyber security with PwC Ireland, outlined the primary cyber threats posed to businesses, and how these threats are constantly evolving.

“What we are seeing is that cyber criminals are using the likes of AI to enhance their sophistication against an attack. So for example, they can now use artificial intelligence for their phishing attacks,” said Mr O’Brien.

He said that previously a common way of identifying a phishing email would have been through its grammar, as many cybercriminals based overseas would not have English as their first language.

“Often, a tell-tale sign is that you may see a spelling mistake within the actual body of the email. But what they are now doing is using the likes of AI to help them draft the email in a business language, with no grammar or spelling mistakes,” he added.

“Organisations can become the target of phishing campaigns or spear phishing, where the CEO and CFO are targeted.

“Ransomware is still very prominent out there.”

Mr O’Brien said a cyber attack can all too often have severe consequences, including significant reputational damage.

He said there are a number of steps that can be taken by organisations to ensure adequate protection against cyber attacks is put in place.

“It is about ensuring the use of the latest technologies that are patched and securely up to date.

“I think also leveraging technologies to help defend against attacks. The likes of malware and anti-virus detection within their environment, end point detection and so on, to ensure that they are being effectively alerted if there is malware possibly being deployed on their systems.

“It is about user awareness, and training is of crucial importance. Ensuring that organisations are taking time out of their day to make sure they understand the latest threats.

“But also from training, people to understand what to look out for. And ultimately, who in the organistion employees are to contact if they identify something is suspicious. 

“That could be someone within the organisation that has a familiarity with IT or it could be a third party support provider, where they can validate if they are seeing something suspicious like an email or something malicious on their network, they can actually ask the questions early.

“That is because prevention is always better than cure.

“It is also about ensuring you have incident response plans for your business as well. But it is not about just having a plan on a page, you should also then rehearse it as well. 

“You are building that muscle memory within the organisation, preparing for a cyber attack where your critical applications and systems are taken offline.”

PwC Ireland opened its Cyber Managed Services Centre in its Cork office at One Albert Quay, last year.

The centre helps clients design, build and operate various cybersecurity services such as third-party risk management and privacy services.

Speaking to The Echo, Cork Green Party councillor Oliver Moran, who has a background working in IT, said that the area of cybersecurity should be a concern for all business as well as individuals.

“Unfortunately, as technology advances, so do the threats from people who want to exploit it,” he said, adding that ‘social engineering’ tactics can often trick people into revealing sensitive information.

“We’re all familiar with telephone scams wanting us to reveal credit card details. The same risks exist with passwords and other sensitive information.

“Now, we have AI-powered threats to contend with too. 

“Everyday AI can now easily be used to create highly convincing phishing emails that are tailored to individual recipients. 

“These emails can mimic the writing style and preferences of the target, and even interact with people, making them harder to tell from the real thing,” said Mr Moran.

“Technology is present everywhere in our lives as well as so much of our data being stored in the cloud. That means it’s not just a virus on your PC you need to consider.

“It’s crucial to stay informed about the latest threats, use strong passwords, enable two-factor authentication and be cautious online. Businesses should also invest in cybersecurity training,” he added.