New Microsoft Research: How Organisations in Ireland are Navigating the Cybersecurity Threat Landscape

‘Cybersecurity Trends in Ireland 2023’, a new Microsoft study, delves into the cybersecurity trends in Ireland in 2023, shedding light on the vulnerabilities, experiences, and perspectives of C-suite executives in the face of growing cyber risks.

“Cybersecurity challenges persist across various industries in Ireland, exacerbated by the absence of comprehensive defence strategies within organisations”, said Kieran McCorry, National Technology Officer, Microsoft Ireland.

Despite efforts to integrate cybersecurity training and skills, the study reveals that true resilience demands ongoing evolution and substantial investment in technological solutions.

Alarmingly, 46% of respondents experienced one or more cyber incidents in the last three years, with 30% facing data breaches. However, only 14% reported these incidents to the National Cyber Security Centre (NCSC) or the Data Protection Commission (DPC).

While 20% of leaders in Ireland saw a financial loss as a result of a cyberattack, the impact of cybercrime goes beyond figures, jeopardising the reputation of organisations. It is therefore positive to see that 74% of organisations have maintained or increased their spending on cybersecurity and 57% conduct regular cybersecurity training. That said, a notable portion lack critical strategic processes for defence. Only 44% conduct risk assessments, 38% employ a multi-layered strategy, and merely 31% have a practiced IT business continuity plan. Therein lies the biggest challenge now for executives in Ireland – investment is required in a strategic response that is led by the entire organisation, that incorporates new methods and solutions to stay one step ahead of bad actors. The following highlights two areas where leaders need to focus their efforts.

Work Email Compromise: A Top Concern.

The research highlights a particular concern among Irish executives – email compromise, identified by 38% as the most significant threat. Email compromise emerges as a sophisticated scam targeting both organisations and individuals involved in fund transfers. The attackers exploit social engineering or intrusion techniques to compromise legitimate work email accounts, leading to unauthorised fund transfers.

Email compromise activities often involve tricks like financial fraud, internal phishing (tricking people within an organisation), and sending lots of spam emails. Within Microsoft’s Digital Defense Report 2023, published recently, experts from Microsoft Defender warn that attackers are getting cleverer by pretending to be legitimate third parties to trick people into financial transactions. They also mention phishing campaigns within companies that target many people and disruptive strategies for sending out a large number of spam emails. As Microsoft's online services get better, bad actors change their methods, focusing on using online tools and taking advantage of trusted internal connections. The Microsoft Digital Crimes Unit (DCU) points out that there's a growing problem of people misusing online services, especially with attackers using fake domain names and Microsoft 365 services at different stages of email compromise attacks.

Generative AI as a defence against social engineering and identity threats.

Emerging technology, such as generative artificial intelligence (GenAI), is accelerating the innovation curve of modern social engineering, particularly phishing techniques, and escalating its threat to our digital society. To stay ahead of phishing and other types of cyberattacks, organisations must train their people to recognise phishing and social engineering tactics, so they don’t fall prey to them. They should also build AI-driven defences. Signal-driven detections that rely on machine learning and AI to recognise attack patterns and anomalies in user behaviour are already a de facto standard for enterprise-grade and government grade security defences.

Yet, according to ‘Cybersecurity Trends in Ireland 2023’, organisations in Ireland have yet to fully understand and embrace how AI can support their cyber defence strategy. Just 14% of organisations use AI-enabled technologies within their IT security strategy. That said, almost a third (30%) of leaders are unsure if they are in fact using AI technologies for cyber defence, so the reality may in fact look at bit different.

In order to combat and build resilience against this increasingly sophisticated cyber-criminal activity, both IT security professionals and leaders across all industries need to understand how they can incorporate Generative AI into their security infrastructure. To build, deploy, and manage AI-driven security systems, organisations need to train defenders on how to use AI tools effectively, e.g. prompt engineering. These teams in turn need to customise and enhance AI engines to optimise them for securing their specific environments.

Public-private collaboration should be another key focus for organisations so that we are bringing to bear the best technological and regulatory tools to combat cyber aggression, for all sectors and operating environments. We need deeper alliances in the private sector and stronger partnerships between the private and public sectors. In Ireland we see impactful collaborations with the National Cyber Security Centre (NCSC), industry, and academia that provide a robust ecosystem that can be built upon and leveraged in the future.

Irish organisations face a dynamic and evolving cyber threat landscape in 2023. While ‘Cybersecurity Trends in Ireland 2023’ highlights commendable efforts in maintaining cybersecurity spending and providing regular training, there's a pressing need for a comprehensive, strategic approach. Awareness of impending legislation, adoption of AI technologies, and a collective commitment to public-private collaboration will be crucial in safeguarding Ireland's businesses against the ever-growing spectre of cyber threats. As executives grapple with the challenges of an interconnected digital world, proactive measures and innovative defences will play a pivotal role in shaping a resilient cybersecurity future for Ireland. For details see: Microsoft’s Digital Defense Report 2023