Irish cybercrime rates are growing – so why is cyber confidence growing just as fast?

Cybercrime is on the rise in Ireland, and by far the most reported kind of fraud. So says the PwC Irish Economic Crime Survey that found instances have grown nearly 15% since 2018, and that cybercrime is cited more than twice as much as the global average.

One of the most striking findings sees Ireland at odds with the global trend. Globally, insider-driven (37% of cases) and external sources (39%) of fraud are broadly the same. In other words, as likely to fall victim to cyber crime or other fraud via an insider (such as an employee or business associate) as from an external actor (such as a cyber hacker).

But here, based on a sample of 5,000 Ireland-based respondents, instances of fraud perpetrated externally are three times greater than the insider threat (69% versus 23%). Good news for those who like the idea of being able to trust people they know, but a clear indication that the worst excesses of economic crime come from people and organisations you’ve no idea even exist.

The risks of remote working go up a gear

When it comes to the causes of cybercrime, there is another ‘C’ word that cannot be ignored; Covid. Like on so many occasions in the past when uncertainty and human suffering come to the fore, cybercriminals could be relied upon to spread discord and steal a quick buck.

The big change in working practices, with offices closed down and people forced to work from home for months at a time, is part of this story too. Funny when you think about it, our national economy has embodied ‘remote working’ for years in that Ireland’s global reputation as a bustling hub for economic activity – not least in the technology sector – long ago succeeded in making antiquated notions of ‘place’ irrelevant for countless international businesses. Thanks to unified communications and cloud, the fact that workers are even more greatly distributed changes very little in productivity terms, but it’s a game-changer when it comes to the cyber threat.

Individual and collective responsibility

The finer detail of how this increased threat manifests itself are for other articles to explore. But it should be obvious to conclude that any organisation that relies upon the unique security controls and circumstances of many employees’ home networks, devices and behaviours presents a very significantly increased ‘attack surface’ for cybercriminals to exploit.

Other studies show that by far the biggest type of cyber-attack is borne by emails, attachments and embedded links, often appearing to originate from people who are known to the recipient. These so-called ‘phishing’ attacks may seem primitive but consider for a moment that ‘con-tricks’ remain very successful and fast-evolving – all rely on the same principles of ‘social engineering’ and these are shown to be consistently effective when targeted at remote workers.

Whether a business IT user or everyday tech consumer (they are, after all, the same people), you’re equally tempted to click on a link about government subsidy schemes or supposed shortcuts for jumping the vaccination queue.

Remote working will continue to be a prominent feature in everyday life even after the pandemic is over, but at least there are solutions available to counter this threat and help educate and regularly test workers.

Employers are being encouraged to remain especially vigilant as employees begin returning to work en masse during the coming weeks and months. It is at this point that devices harbouring malware and other nasties pose a critical risk to internal infrastructure.

Digital transformation carries on at pace

The other major technological impact of the last 18 months has been the acceleration in digitalisation among organisations compelled to invest in new ways of reaching and serving customers. This explosion in innovation relies on deploying new technology architectures which, while not necessarily insecure in themselves, mark a departure from the status quo that potentially opens up security holes for cybercriminals to exploit.

Overall, whoever’s figures you use, cybercrime is a gloomy picture to paint. The good news is that vigilance and awareness cost little if anything and can be among the effective cyber defences. Unfortunately, there is evidence that attitudes to cyber risk appear to be softening at precisely the time when action should be getting more robust.

Confidence or complacency?

A new Thales/IDC survey reveals European businesses feel substantially less vulnerable to cyber threats now than a year ago (down from 86% to 68%). That’s 32% of all European businesses that don’t seem to feel vulnerable at all. As the report authors point out, this remarkable sense of security is “at odds with reality”, with peculiar levels of confidence “not supported by data security practices” that were reported by respondents involved in the study.

Part of this confidence may be explained by expected increases in security spend forecast for 2021 and beyond. Around 38% expect to spend more in the next 12 months, and 42% around the same. This is broadly consistent with the previous year, reflecting a sustained effort to shore-up security defences. All very positive, but are they any better equipped?

The survey looks broadly at ‘European’ respondents (the majority at organisations with between 500 and 10,000 employees) with no drill-down into Irish results. However, on the basis that the findings are representative, they indicate some areas of particular concern for us here both now and for the future:

– 48% of organisations have experienced a breach and 28% have been breached in the past year
– 24% have failed a compliance audit in the past year
– 100% say at least some of their sensitive data in the cloud is not encrypted
– Data security is more challenging because of ‘multicloud’ strategies with nearly one-third storing data in more than 50 different SaaS applications
– New technology deployments are the most problematic, with almost all respondents concerned about data security around IoT, mobile payments, big data, containerisation and DevOps initiatives

Looking ahead

In many ways we are privileged to have the insights provided by these major studies, as without them we could only guess at the extent of cybercrime and how well prepared our organisations are to withstand it. By adopting high standards and close scrutiny around data security practices, Irish businesses can continue to demonstrate a commitment to corporate governance that is well established and respected around the world.

A note of caution, however, lies in the fast-moving nature of cyber threats and the technology landscape in which it operates. Today’s well-conceived cyber strategy can, if left in statis, rapidly and inevitably degrade into tomorrow’s cyber blunders – you can be confident of that.

Gerry Sheldrick, Country Manager

Gerry Sheldrick has spent over 30 years working in the IT sector with the last 15 years focussed on cyber security architecture, hardware and software. With a keen eye for ground-breaking technologies, Gerry has focussed his time on disruptive technologies some of which were in pre-IPO status.

As sales director for NextGen, a true value-added distributor, Gerry established a sales base for some now household names. In 2018 he oversaw the acquisition of NextGen by Exclusive Group and was a guiding hand in ensuring the smooth transition for both partners and end users.

Since assuming the role of country manager at Exclusive Networks Ireland, partners and end customers see a continuation of support and value with a now far more extensive vendor base to support growing businesses.