The cyber security landscape has changed substantially in the last few years in both scope and sophistication.
What were once randomised attacks now originate from well-organised groups with specialist approaches. With ransomware-as-a-service and AI-driven phishing attacks growing in frequency, it’s a challenging landscape for organisations worldwide.
Damien Mallon, senior systems engineer at Datapac, said the World Economic Forum reported a 72 per cent increase in data compromises in 2023, compared with the previous year, and current trends indicate that 2024 is unlikely to deviate from this trajectory.
“The tactics attackers use have also evolved to bypass traditional defences, such as firewalls and antivirus software,” he said.
“For instance, adversary-in-the-middle (AiTM) attacks enable attackers to intercept credentials even when multi-factor authentication (MFA) is in place — previously considered a robust defensive measure.
“This shift underscores the need for a layered approach to security that not only combines advanced technologies with human expertise but is also driven as a core, business-level decision,” he said.
Mallon said the big question is whether organisations, particularly SMEs, have the resources to meet these challenges. Most don’t have the resources needed for a dedicated in-house team, meaning the burden falls on internal IT teams not equipped to deal with this.
“Without proper organisation-wide governance, policies and processes, even the best technology cannot keep organisations secure and compliant,” he added. “Cyber security must be embedded in business strategy and fostered at all levels within an organisation, to ensure a resilient defence against today’s sophisticated threats.”
The regulatory landscape is also changing with the NIS2 Directive marking a significant shift for both Irish and EU organisations.
EU members have been slow to incorporate these guidelines and Ireland has yet to announce plans to do so. Mallon noted that the directive only outlines the minimum requirements; each member state retains the discretion to enforce them more stringently if desired.
“For many Irish organisations, NIS2 should serve as a wake-up call,” he said. “It’s no longer sufficient to rely on isolated security solutions; organisations need a cohesive, layered security strategy that holistically addresses cyber security risks.”
“While achieving compliance may pose challenges, this is undoubtedly a step in the right direction.”
Mallon advised that even if an organisation isn’t directly impacted by NIS2, it should still assess its cyber security posture sooner rather than later, as the overall aim is to build a unified EU-wide defence against cyber crime.
He also noted the government’s efforts to help SMEs with this, through its NCC-IE Cyber Security Improvement Grant.
The €2 million fund offers eligible entities up to 80 per cent of their cyber security upgrade costs, up to a maximum of €60,000. While a step in the right direction, Mallon said they would like to see it expanded in the years to come to help empower all organisations to improve their cyber security posture.
“For organisations considering this option, we strongly advise against navigating this process alone,” he added. “Without a deep understanding of the threat landscape and best practices, there is a risk that these valuable funds could be misallocated to initiatives that don’t meaningfully enhance security or compliance.”
Datapac has significant experience managing cyber security as a managed service provider (MSP). It recently added a Managed Threat Ops service, which delivers 24/7 threat detection and response.
“The introduction of Managed Threat Ops was driven by the challenges we saw our customers facing. As an MSP, we hold ourselves to the highest cyber security standards, including full ISO 27001 compliance, which we have maintained for many years,” said Mallon.
“With a commitment to keeping our customers at the forefront of everything we do, our goal is to elevate their cyber security posture to match our stringent standards,” he added.
Datapac boasts a high level of security and compliance across all its services thanks to the foundational controls, processes, and governance it has in place at the business level. As a secondary layer, it uses best-of-breed security solutions.
Of those tools, AI is gaining popularity as a potential solution, but Mallon warned that it’s a double-edged sword, as both defenders and attackers are using it to enhance their efforts.
“With AI-armed adversaries, organisations must be vigilant in regularly assessing their security posture to ensure it is robust enough to meet modern challenges,” he said.
“It’s also crucial to recognise that AI is not a one-size-fits-all solution. Simply adding the latest AI-powered defence tools won’t guarantee security; these tools must be part of a layered, holistic defence strategy, reinforced by strong organisational policies, governance, and oversight.”
Mallon recognised that the journey to good cyber security practices can be daunting for organisations, but mentioned how Datapac simplified the process by guiding them towards alignment with proven industry standards, such as the NIST Cybersecurity Framework.
“Our Managed Threat Ops service provides the level of 24/7 active threat detection and remediation that, until recently, would have been financially unattainable for most SMBs,” he concluded. “In addition to enhancing peace of mind, this service helps organisations achieve and maintain compliance with regulatory and cyber insurance requirements, ultimately contributing to a more resilient cyber security posture.”