As technology advances – such as the rapid rise of artificial intelligence (AI) and machine learning (ML) – so do the threats and consequences of inadequate cyber security for Ireland’s enterprises. In 2022 alone, Ireland saw a 26% increase in cyberattacks, with cybercrime remaining the most prevalent form of fraud committed in the country.
According to research by Grant Thornton, cybercrime cost Irish businesses a reported €9.6 billion in 2020 alone – and that number is estimated to have risen since.
Irish SMEs, in particular, are at risk of cybercrime because they have fewer resources to dedicate to cyber security defences – and that means staying ahead of the threat is essential to avoiding financial damage, loss of customer trust and reputational harm.
Keeping up with cyber security trends, tracking new cyber security threats and following any changes in cyber security and data protection legislation are just a few ways Irish SMEs can plan and defend themselves while also staying compliant with relevant data protection legislation.
Discover how ISO 27001 and its bolt-on standards can help your organisation meet legal GDPR requirements (along with standards such as Cyber Essentials) and build robust information security management systems, including protection of cloud data, personally identifiable information and privacy.
ISO 27001 was revised in 2022. Take our ISO 27001:2022 transition training to understand the changes and how to transition effectively.
Emerging cyber threats in cyber security trends
Cyber security trends fall into two camps – threats and defensive systems – and both are undergoing rapid evolution and transformation.
Keeping up with emerging cyber security threats can be challenging. New technologies such as smart devices, AI malware and even network-connected fleet vehicles are opening new opportunities for cybercriminals to gain access to information.
IoT devices being used as attack gateways
Demand for “smart” or IoT (Internet of Things) products such as voice assistants and interactive doorbells has risen rapidly worldwide since 2021, and these devices can also provide an attack vector for cybercriminals to infiltrate workspaces.
Although many IoT devices operate on closed networks, cybercriminals can still hack devices and eavesdrop on private conversations or intercept data.
For SMEs looking to create more robust security policies, monitoring and managing these devices is key, and their use should be part of any data and IT security policy.
The new EU Cyber Resilience Act will introduce new mandatory cyber security measures to help combat the risk of smart devices being used as attack gateways, although this won’t come into effect for a few years.
AI-powered malware being developed
Despite AI being touted as an asset to SMEs in automating time-consuming processes, it has also increased the rate at which cyber security threats have evolved.
Combined with machine learning, AI has been key in creating automated security and automatic threat detection systems. But AI is increasingly used to develop malware that circumvents the latest security protocols protecting data and private information.
Data protection and privacy should be a top concern for all Irish businesses. Investing in cyber security and data protection management systems can help counter rapidly evolving cyber threats like AI and ML-enhanced malware.
Increased risk to mobile apps
Another of the top cyber security trends in 2023 is mobile device app security.
Mobile apps provide a number of convenient business benefits when on the move, letting us keep tabs on client records, quickly respond to client queries and track meetings at a glance. But this convenience can come at a cost, with customer data and commercial IP potentially exposed to access from cybercriminals.
With mobile phones being such popular devices – 4.42 million in Ireland alone – the chances of cybercriminals taking advantage of easy hacking opportunities through networks and apps increase.
This is especially important for enterprises that operate Bring Your Own Device (BYOD) policies in the workplace. Unsecured mobile apps and unsupervised downloads can expose data to criminals, while devices themselves can be used to copy and transfer critical data from within secure company networks.
Ensure your business operates a robust BYOD policy, including using multifactor authentication (MFA) and providing cyber security training to employees.
Find out more about how ISO 27701 can support your commitment to privacy information management.
Targeted ransomware attacks rising
Ireland has seen a 56% increase in individual attackers conducting ransomware attacks, with targeted ransomware attacks on the telecoms and technology sector more than doubling towards the end of 2022.
Targeted ransomware is an advanced type of malware designed to hold a specific business’ information or data for ransom. With many industries running on the same software, a targeted ransomware attack could cripple the daily activities of several SMEs across a sector.
Besides costing Irish SMEs large sums of money, a targeted ransomware attack could also damage an SME’s reputation and customer base.
Increase in cloud-service attacks
In 2022, one in three Irish SMEs were victims of cybercrime.
Cloud security vulnerabilities were reported as one of the top three cyber threats to Irish businesses. Cloud computing has become an increasingly popular tool in businesses because it is flexible and can scale with a business’s needs, but even with the inbuilt security measures cloud software providers have, there are still opportunities for cybercriminals to gain unauthorised access. These opportunities arise during cloud data transmission and during a digital transformation.
Learn how ISO 27018 (PII) can help you safeguard personally identifiable information and boost customer trust.
Interested in cloud data protection? Learn about ISO 27017 – the global standard used by organisations to strengthen cloud data protection and cloud security services.
Automotive hacking
Automotive hacking often occurs with the intent to cause harm or disruption, or steal data, with cybercriminals hacking into a vehicle’s computer system and taking control of various functions.
While this was previously a niche attack vector, the rapid move to electric vehicle fleets means enterprises are using EVs with sophisticated onboard computing and connectivity systems. Some EVs can host video conferencing calls, send and receive email and data, and may be connected to high-speed 5G networks.
Because EVs are relatively new, EV security is still being developed, making automotive vehicles potentially sitting targets for cybercriminals.
For SMEs that use EVs to provide their services or have connected fleets of automotive vehicles, automotive hacking could be an issue. Businesses should ensure that data policies are in place for EVs that allow connectivity and data storage.
Remote working on unsecured networks
In the wake of the Covid-19 pandemic, many Irish SMEs have adopted a work-from-home or hybrid work model. Not only does this approach allow Irish businesses to save costs associated with workspaces, such as rent and energy bills, but it also sees an increase in employee productivity.
However, with remote working comes potentially insecure computer networks as home or coffee shop WiFi becomes an extension of the corporate network. Remote working can allow cybercriminals to compromise unsecured networks and exploit the lack of security to gain unauthorised access to data via increasingly complex attacks.
Emerging cyber technologies in cyber security trends
Cyber security trends aren’t entirely in the realm of threats.
Where cybercriminals can leverage technology to expose new routes of attack, SMEs can investigate new cyber security trends and technologies designed to keep data and networks safe.
Passkeys start to replace passwords
Passwords represent one of the biggest risks in security – with guessable, weak or stolen passwords opening up networks and data to cybercriminals.
One of the most common forms of cybercrime is phishing, where a cybercriminal poses as a trustworthy individual or company to gain an individual’s personal details, such as passwords, typically via email or text.
A new trend is to migrate away from passwords in favour of passkeys – a new technology that uses biometric sensors, such as face ID or fingerprint scanners, rather than a password. Many modern smartphones and laptops, for example, use facial recognition and biometric sensors to authorise contactless purchasing. This is a form of passkey.
Passkeys are set to replace passwords and be used in conjunction with a zero-trust cyber security model. By doing so, SMEs could strengthen their overall cyber security by removing the threat of a password breach.
Zero-trust cyber security
Zero-trust cyber security works on the premise of not trusting users unless they can be authenticated, authorised and then reauthenticated constantly via several different authentication methods.
This multi-level cyber security approach could be an effective security response to the desire for employees to work remotely, allowing them to do so securely and without relying solely on VPNs.
This rigorous cyber security approach could effectively combat attempts to gain access to private information such as passwords and financial details, for example through phishing scams, as well as ransomware attacks, as it automatically assumes whoever is attempting to access any data or information is untrustworthy.
AI-powered cyber security
With AI becoming more prevalent in enterprise tools, AI software could analyse data in real time and recognise patterns of behaviour that could indicate various forms of cyberattacks. These automatic threat detection systems could become vital to SMEs, who may be targeted heavily due to their suspected lower levels of security.
Behavioural biometrics
Similar to body language, even digital behaviour can be analysed and predicted.
Behavioural biometrics is a new approach to cyber security that uses ML to analyse a user’s digital behaviour and uses that information to identify potential hackers or unauthorised individuals who have illegally accessed a user’s account and are attempting to access data and information. This digital behaviour can include scroll speed, mouse movement and typing speed.
Behavioural biometrics could be a valuable addition to an SME’s cyber security arsenal, especially for those who support hybrid or remote working and do not always have a direct line of sight over their employees in a secure work environment.
Decentralised blockchain security
Despite being heavily associated with cryptocurrency and NFTs, blockchain has several potentially positive cyber security applications.
Blockchain is an online distributed database and ledger that stores information with a high level of cyber security, requiring multiple security keys to access it.
Using the blockchain to create a decentralised database, an SME can create a secure, digital “storage box” for sensitive information and data. It can also make secure data unchangeable. And because there is no centralised authority controlling blockchain or its data, it is more difficult for cybercriminals to gain unauthorised access.
ISO 27001 can help your organisation better protect sensitive customer data and information.
Hardened cloud security
Cloud computing offers SMEs the opportunity to compete with larger companies at a fraction of the cost and in less time due to its automation and efficiency. With so much riding on this technology, ensuring it is secure is vital to the daily operation and growth of any SME that uses it.
As cloud technology has advanced, cloud service providers have invested in security. Advancements in cloud security can include multifactor authentication, access controls to only allow authorised users, utilising passkeys rather than passwords, and the introduction of encryption software.
SMEs could implement these new security measures alone or through their cloud service providers.
Discover how ISO 27017 can help you strengthen your cloud data protection.
Cyber security legislation
In order to mitigate cyber security risks and make it harder for cybercriminals to cause damage, several laws have been introduced surrounding cyber security and the responsibilities providers have.
The EU Cyber Resilience Act is a new proposal for cybersecurity regulation across all hardware and software products in the EU to provide customers with more secure and dependable services. This act is designed to inform consumers on how to make more secure technology purchases and to educate them on secure use, as well as to raise the widespread low level of cyber security.
This would be done by providing a number of guidelines software and hardware manufacturers would have to follow to reduce the number of vulnerabilities in their products and make provisions to encourage users to seriously consider cyber security when using products that contain digital elements.
Emerging customer cyber security trends
In the face of developing technology and the evolution of cyber threats as that technology moves forward, businesses could begin to see trends in customer behaviour that mean they may need to seriously consider the practical applications of new cyber security technology and how they plan to mitigate cyber threats.
Such trends could include customers’ needs for increased data privacy and security, with SMEs potentially outsourcing their cyber security measures to expert third-party providers. Making cyber security attack tools compulsory and Irish SMEs opting to take out cyber security insurance could also be included.
Customers are expecting to see businesses of all sizes prioritise customer data protection. To meet customer expectations, Irish companies must move at the same pace as cyber security threats to provide their customers with reliable and secure service.
A solid foundation for demonstrating robust, trusted information security within your organisation is to become Cyber Essentials or Cyber Essentials Plus certified – proving your commitment to cyber security to clients, staff and stakeholders.
To bolster customer trust, Irish businesses could look at going passwordless, providing employees with IT training to build a culture of awareness, and also becoming ISO certified – a respected, internationally recognised certification that provides evidence of compliance with cyber security regulations.