An alarming 71% of Irish enterprises faced a cyberattack last year, marking an increase of 22% since 2022, as reported by global insurance company Hiscox. As per the latest Cyber Readiness survey, Ireland ranks the highest among 20 surveyed countries, concerning the average count of attacks. Hackers usually break in via the corporate-owned servers (57%), resulting most commonly in economic loss due to fraudulent payment diversion (43%).
However, the financial impact of these cyberattacks on Irish firms is relatively nominal, with more than half of the surveyed companies implying an annual financial loss of under €10,000. Interestingly, Ireland also stands as the country most likely to comply with ransom demands in cyberattacks, at a striking rate of 77%. Despite paying ransoms, merely a third of the victims managed to retrieve their complete data, and a sizable 31% were confronted with additional ransom demands. No wonder, among all the surveyed countries, Ireland boasts the highest ownership of cyber insurance.
As Sam Glynn from Code In Motion, a cybersecurity consultancy, notes, dealing with the cybercrime threat calls for a focus on ‘PDA’ – People, Devices, and Accounts. He highlights that human error often poses the most serious point of vulnerability. Scams such as phishing and CEO invoice fraud rely heavily on this element of trust.
Glynn further states that cybercriminals are leveraging artificial intelligence to enhance the credibility of their scams. Mass-text scams like the ‘eFlow’ one mimic formal communications convincingly using generative AI. For high-value targets, scammers employ digital tools to learn about their communication styles, contacts, and subjects of discussion to tailor their fraudulent communications accordingly.
Malicious individuals are progressively utilising deepfake videos to convincingly mimic individuals, producing real-time dialogue that greatly resembles a genuine conversation, according to Glynn. To counter this, employee training and awareness are of utmost importance. One protection method could be setting up a unique password or facial expression, recognised only by office staff, that will help prove the identity of a person during a video call. This could also be implemented within families, adds Glynn.
Referring to traditional measures as being significantly effective, Glynn notes that requesting a call back or an in-person meeting can successfully remove the pressing element often induced by cybercriminals. Fraudulent parties are known for inserting this urgency in their misconduct, for instance, making a child message their parent, falsely claiming they misplaced their phone and need funds for a new one.
Proper precautionary procedures need to be established to avoid falling victim to these scams, says Glynn. An effective process might involve two persons authorising actions, thus demanding a scammer to deceive two people rather than one.
In connection to hardware such as laptops and mobile devices, once they are updated with the latest software and patches, the primary cybersecurity risk lies in device loss or robbery. Glynn suggests password protection as the optimal preventative measure, transforming a stolen device into a worthless brick for its illegal possessor. It is crucial, he stresses, to implement this ahead of any potential incident.
When referring to online accounts, Glynn publicly questions the motives behind apps requiring users’ date of birth details – apart from age verification purposes. He recommends creating a fictitious one. Further, he emphasises caution when handling client information, noting that the surge in AI technology has led to personnel entering sensitive client details into chatbots for intellectual business explanations and display. However, this raises serious GDPR violation concerns as these platforms could potentially reproduce the entered information at a later date.
Glynn advises that the information you input into an application might potentially be accessed by undisclosed third parties. Hence, it’s prudent to thoroughly inspect the terms and conditions.