Helping SMEs strengthen and modernise their cybersecurity

Barely a month in, 2024 is shaping up to become a pivotal year for cybersecurity. Not only are the range and scale of threats continuing to grow, but significant laws and regulations are also coming down the line.

The big one in the EU is the Digital Operational Resilience Act (Dora), which will come into effect on January 17, 2025. This regulation aims to boost the digital resilience of the financial sector and requires organisations to strengthen their defences to ensure the security of their network, IT systems and integral operational processes.

Much like how GDPR focused the minds on how data was collected, processed, and used, Dora is designed to help organisations understand their critical business infrastructure and ensure good protection against risks.

The NIS2 Directive, which came into force in 2023, modernised the existing legal framework to ensure the EU is keeping up with the ever-evolving cybersecurity threat landscape.

This backdrop is where the Renaissance Cyber Expo and Conference Ireland 2024 takes place. Happening on Thursday 18th April at the Leopardstown Pavilion in Dublin, the free event brings together industry leaders, significant organisations, and players in cybersecurity to inform, educate and demystify the space.

We need to bring people's awareness up to the right level because the bad guys are much more sophisticated

Now in its seventh year, having started in 2017, Cyber Expo Ireland keeps the industry up to date on the latest developments in cybersecurity and technology.

"Good security is good business," said Michael Conway, director at Renaissance. "Much like how motorbikes made helmets mandatory, it's to keep you safe."

"They're there because if you look at critical national infrastructure in financial, health and education systems, we all rely on those, so they will regulate those to ensure the Irish and EU population is protected sensibly.

While most organisations will fall into the SME category, they may not be liable for some of the regulations, but that doesn't mean you shouldn't try to follow the guidelines and regulations, says Conway. Doing so can make your business more secure and robust as it's compliant with regulations.

Not to mention that SMEs have every chance of being hit by a ransomware attack, which can destroy an organisation if they're unprepared.

"We've seen with smaller businesses that when they're hit with a ransomware attack, the hit can take them out," he explained.

"If that happens, there may not be a regulation saying you should have protected yourself, but there's nobody else there to pay for it, and you can't rely on insurance as it's only useful if you've taken a reasonable level of precautions."

Important cybersecurity information

A small change to the Expo and Conference is it's taking place a month earlier, in April rather than May. While this is partly due to Easter taking place in March this year, it also ensures that people get important cybersecurity information earlier than usual, which can make all the difference regarding the likes of DORA.

"It's preferable to bring this to people's attention earlier rather than later," mentioned Conway. "There's a logistical reason as well, but getting the information out to people as soon as possible is paramount."

"If you look at DORA, for example, it will be coming on 17th January 2025, and as the deadline approaches, the risks won't get lighter or easier to manage, so we're continuing to drive that message and get it across.”

Evolving the conference streams

The last few years have seen a significant evolution in how we think about cybersecurity, moving from on-premise concerns to a more holistic approach.

Much of the drive is towards compliance and maturity of services. Regulations like DORA and NIS2 will not only raise the standards across the board, but they will also push other areas.

The importance of the human factor in an organisation lies in ensuring that people are well-trained and fully aware of effective cybersecurity measures, through regular Security Awareness Training (SAT), an area that has become increasingly prevalent in recent times.

Operational Technology (OT), the Internet of Things (IoT) and access management are also areas that are gaining attention as the level and sophistication of threats continue to increase.

This is reflected in the conference streams the Expo will be hosting; DORA and NIS2 will feature prominently as organisations must tackle these requirements sooner rather than later.

Significance in society

There will also be a stream dedicated to the health sector, given its significance in society, and the recent attention it has received as a result of the HSE falling victim to one of the most significant ransomware attacks in Irish history.

There will also be a focus on the education sector and on the human factor, concentrating on areas like Identity and Access Management (IAM) and Security Awareness Training (SAT).

In short, the days of focusing on malware and protecting emails and perimeters are long gone, instead focusing on holistic methods of keeping entities safeguarded and secure.

Conway summed up the focus of the Expo by saying: "We're looking at organisations and how they become cyber secure and compliant. And it's not just about adhering to best practices, organisations must embrace compliance and grow with the evolving regulations.

"We're seeing that DORA is going to be a big thing this year, as will NIS2, and for sectors like health and education, there will be major challenges."

The human factor is a constant concern as malware and ransomware attacks tend to happen by targeting specific people or hoping that someone under pressure will click through.

Conway mentions that this happens because people aren't trained or educated on what needs to be done, so a critical element is bringing up their awareness and your own.

"We need to bring people's awareness up to the right level because the bad guys are much more sophisticated," he explained. "Modern attacks are really targeted at vulnerable people; they pick, profile, challenge, and attack, and they will bring those organisations down."

"The reality is we need to try and help people sooner rather than later."

Another area with a dedicated stream is how managed services are delivered and how they evolve to support Irish businesses and organisations.

What's been a challenge for quite a while is the shortage of cybersecurity personnel out there, meaning that companies need to have significant resources to keep a qualified team of security experts or rely on a managed service provider (MSP). With greater reliance on MSPs, the focus will be on how to leverage this partnership best to benefit both parties.

Similarly, there will be a stream on cybersecurity in the public sector, a pertinent area considering how many essential functions of society are now digitalised. The impact of a successful attack in areas like electricity, water, and other utilities is enormous, and with regulations like NIS2 focusing on critical national infrastructure, there will be fewer excuses for not shoring up defences.

"Those sorts of regulations are out there to be complied with and make people more secure," said Conway. "If you take the impact of the hit of the HSE, ultimately, people will have suffered because of the downtime, and it's not an inconvenience; the impact is huge.

"Others like DORA focus on financial infrastructure and the backbone of the country, the operational resilience for those organisations throughout the whole country. It's huge and absolutely key."

Something for everyone

The Cyber Expo and Conference will adapt and develop alongside the advancements in technology, changes in the environment, and shifting requirements.

While the subjects and areas of focus have evolved significantly since 2017, the core of the event remains the same: To be as accessible to as many people as possible.

Renaissance aims to ensure that all attendees get the most information and value out of it. Experienced people may know what talks to go to and what organisations to speak with, but for those who are new to the industry, much effort has been put into making it easy for them to find their feet or be pointed in the right direction.

This ethos has driven the Expo and Conference forward and will continue to do so in the future.

The critical thing about the Cyber Expo is it's available to everybody," stated Conway. "Anyone can register, walk in and have a look; there's no charge for doing so."

"The focus of the Renaissance team is being accessible and available to everyone so anyone can talk to us. If you want to know where to go or who to talk to, we'll point you in the right direction."

"Our role is to chaperone people around and introduce them to the relevant people because there are some things you won't know out of the gate. If you're an Irish SME and you say this is your challenge, we'll introduce you to people who can assist you."

"We won't be looking to introduce you to people talking about enterprise-type technology and things like that. We want to get people who are relevant to you, and that's really important to us."

That said, the average attendee has become savvier and more aware of their roles and responsibilities with security and the threats out there. With attacks having a more significant impact than before, most organisations know they need to be in better shape to help protect themselves and any third parties they're linked with.

This maturity is reflected in the conference streams themselves, which have come a long way from the focus on email compromise and ransomware when it first started.,

"There's a lot more out there to understand," said Conway. "There's a lot more understanding that the environment and challenges are different out there."

"The people coming to the event will be more experienced in their thinking, but we will also welcome people who say, 'I really don't know what to do here'.

With technology now an ever-present part of life and vital to our day-to-day operations, it's crucial that organisations take note of what is happening now and coming down the line.

Even if an attendee is unsure about where to begin, the Expo and Conference provides a wealth of expertise on-site, guiding them towards the right path.

"We say come along to the event because we'll have vendors from all over the world," said Conway. "We'll also have our Irish partners who are providing a managed service at a local level, and they can interpret the needs that businesses and organisations have in Ireland and advise how they can be addressed and supported. It makes a massive difference."

"You don't have to be the most knowledgeable person out there; you just need to be cognisant that there are threats and challenges out there and there are people who can help you."

The conference streams will contain topics relevant to IT executives and other decision-makers. When coupled with the opportunities to chat with industry experts on the Expo floor, Cyber Expo & Conference Ireland 2024 is not to be missed.

To register visit cyberexpoireland.ie.