Cyber Security & Business Resilience IE - Q1 2023

Cyber Security & Business Resilience

Dr

Page 06

Creating resilience in Irish multinational companies for economic growth

Multinational companies* (MNCs) in Ireland account for €30.7 billion spent in the Irish economy and account for an estimated 70% of all corporation tax paid to the Exchequer.

Simon Coveney TD

Enterprise,

& Employment

Page 08

There are almost 1,800 IDA client MNC operations in Ireland today, and almost half of them have been in Ireland for 10 years such as Google, Amazon, Facebook and eBay; and one-third for 20 years or more such as Pfizer, Intel and Medtronic. These companies have longevity, resilience and commitment to Ireland and persistently look for ways to grow their Irish sites and continue to transform their business model and overall activity in Ireland.

For the last 70 years, we, at IDA Ireland, have partnered with existing multinational subsidiaries in Ireland to support their efforts to continuously transform their activities and grow their presence. This focus is a key element of our strategy to build a resilient MNC base in Ireland to impact positively on the overall economy.

How does the State support multinational companies IDA’s strategy specifically focuses on transformation as a key pillar by partnering with client companies for future growth and supporting them to increase their productivity, resilience and innovation capacity.

Page 10

We partner with clients, providing a range of services that help them to access the mature and extensive Irish ecosystem for skills development, innovation, sustainability and research. Most recently, we launched a set of online self-assessment diagnostics for client companies to help them discover their current and target level of innovation and digitalisation (Innovation Scorecard/Advanced Manufacturing Diagnostic/ Digitalisation Diagnostic for Services).

The diagnostics will help companies identify their

current and targeted state in these areas and help them to remain leaders among their peers and retain their focus on continuous improvement and transformation. Addressing MNC needs is enabled by digital, disruptive and sustainable technologies accessed through excellent Irish solution providers in this space.

How multinational companies contribute to Irish society

One of the most unique things about the MNC community in Ireland is the way they contribute to Irish society beyond their financial and job creation contribution. They talk to new investors about their own successful journey in Ireland, contribute to networks and open their doors for site visits by other companies for learning opportunities. They are often thought leaders for Ireland in a range of areas like productivity and innovation — and this is just the tip of the iceberg.

IDA Ireland is the State agency responsible for attracting foreign direct investment into Ireland.

*Preliminary 2021 Annual Business Survey of Economic Impact results.

Breda O’Toole Head of Talent Transformation & Innovation, IDA Ireland

Aimee Rayment Content Editor: Angelica Hackett O’Toole | Head of Digital Operations: Harvey O’Donnell Paid Media Manager: Jonni Asfaha Social & Web

Editor: Henry Phillips Digital Assistant: Carolina Galbraith Duarte All images supplied by Gettyimages, unless otherwise specified

“Ireland can be proud of the steps it has taken so far in the journey to net zero.”

Minister for

Trade

“Digital transformation starts with storytelling.”

Mary Cleary Secretary General, Irish Computer Society

“Ireland can be a global leader in cybersecurity talent, innovation and solutions.”

Eoin Byrne Cluster Manager, Cyber Ireland

They talk to new investors about their own successful journey in Ireland, contribute to networks and open their doors.

Building a skilled talent pool for a safer ‘cyber future’

Building a robust defence against nationwide cyberattacks requires inspiring young minds to pursue cybersecurity careers and closing the skills gap in the current marketplace.

Cybersecurity is increasingly essential as the demand for online protection becomes more urgent than ever, says Dr Christina Thorpe, Head of Cybersecurity at TU Dublin. “There’s a huge and growing dependence on technology within society, but there is also a growing number of hackers and cybercriminals that see this growth as an opportunity to exploit technology, steal data and gain financially,” she says. “In simple terms, we’re becoming more vulnerable and they’re growing in number and becoming more sophisticated.”

This demand for better risk management and more cybersecurity professionals means career prospects for new graduates are soaring, says Thorpe. The challenge is trying to fill that skill gap. “There’s a deficit of talent across the board globally and in Ireland,” she says. “There are thousands of unfilled vacancies every year in Ireland. Globally, that would be millions.”

Choosing your course

In responding to the challenge of closing the skills gap and building resilience in the market, TU Dublin has taken a flexible learning approach.

Students can take courses leading to certificates, diplomas, degrees and master’s qualifications. “It enables people to upskill or reskill in a way that suits their current lifestyle,” says Dr Anthony Keane, Head of School of Informatics and Cybersecurity.

Budget-friendly, online Springboard-funded courses are offered for the unemployed or those seeking to re-enter the workforce and covering a range of in-demand roles in cybersecurity,” Dr Keane says. “These courses have contributed greatly to strengthening the resiliency of people’s employment and the cyber defence of companies.”

Training for companies

Forging collaborative partnerships with companies is another way for educational institutions to help upskill the current talent pool through in-company training. “It empowers employees to become cybersecurity champions within their teams,” Dr Keane says.

“Cybersecurity practices should become second nature within a company. We need to develop an automatic response to cyber threats, similar to how we instinctively take safety measures in everyday life.”

The University provides courses tailored to the companies’ particular needs and through the Collaboratory, can deliver professional in-person SOC analyst training. “It’s a very effective way for companies to get the training they want with the people they need to be trained,” says Dr Keane. It also helps ensure companies are able to meet current and new EU legal requirements.

“These regulations fuel further demand for cybersecurity professionals as companies strive to demonstrate compliance with baseline security standards,” he says. “The risks of not doing so are high. The regulations could impose fines and newer regulations could even allow for the imprisonment of company directors who fail to meet standards.”

Education for companies also goes beyond the campus, says Dr Keane, in the form of The Cyber Skills Project which is a nationally-funded project from the HEA HCI Pillar 3 scheme and is designed to deliver specialised training for specific cybersecurity job roles. TU Dublin partners with MTU and UL to deliver professional level courses with cyberattack simulations in a cyberrange such that students experience handling both offensive and defensive strategies in a safe environment.”

Early cybersecurity learning

Building cyber resilience in the market can start with secondary school students, says Dr Thorpe. The University runs summer camps aimed at children aged from 13 to 17 years old. “It’s about instilling an awareness and a belief that a career in cybersecurity is a possibility and showing them what it’s about,” she says.

“It helps undo any stereotype they may have such as cybersecurity is boring, or it’s just for boys — or it’s a job where you stay at a computer all day. It shows them that cybersecurity is actually varied, interesting and doable.”

These courses have contributed greatly to strengthening the resiliency of people’s employment and the cyber defence of companies.

The central role of digital technologies in Ireland’s social and economic life — and our dependence on the systems that host them — means a robust and resilient cybersecurity ecosystem is vital.

Cybersecurity is increasingly becoming a focal point for many Irish organisations that are aware of the impact a cyberattack may have on their operations — both their day-to-day business and their reputation. Acknowledging this, the National Cyber Security Centre (NCSC) has, among its fundamental driving principles, both the protection of the State from cyber threats and the simultaneous development of resilience within its realm.

Objectives of the cybersecurity strategy

Our National Cyber Security Strategy 2019–2024 sets out a range of collaborative measures to enhance the cybersecurity and resilience of public bodies, providers of essential services, businesses and households to support the continued development of the cybersecurity industry and research community — and to ensure Ireland plays an active role in the international discussions on the security and stability of a free and open cyberspace.

Some of the key objectives of the Strategy include:

• Continuing to improve the ability of the State to respond and manage cybersecurity incidents, including those with a national security component;

• Raising awareness of the responsibilities of businesses around securing their networks, devices and information, and;

• Driving research and development in cybersecurity in Ireland, including by facilitating investment in new technology.

Reviewing the strategy

A mid-term review of the Strategy is currently continuing, with public feedback from interested parties sought throughout a consultation period. The consultation period highlighted achievements to this point along with possible future measures for the remaining years of the Strategy.

The review will also lay the groundwork for an ambitious successor to this Strategy for the post-2024 period, which will fulfil the State’s obligations as set out in the proposed successor to the EU Network and Information Security Directive (NIS2).

Broadening the network and information security directive

A major focus of the National Cyber Security Centre for the forthcoming two-year period will be on the transposition and introduction of the NIS2 Directive.

This will require a continued whole-of-government approach to harmonised, high-level cybersecurity controls across public bodies, critical infrastructure and important industry sectors.

Collaborative work across sectors

The country must take the opportunity provided by this forthcoming process to work in concert with its European neighbours, our United Kingdom colleagues and public and private organisations throughout the country to continue to improve general security awareness and establish good security practices both within the public and private sector.

Creating a robust national cybersecurity ecosystem: what we are doing about it

Dr Richard Browne

Director, The National Cyber Security Centre

Continuing to improve the ability of the State to respond and manage cybersecurity incidents.

~Dr Richard Browne, Director, The National Cyber Security Centre

small businesses should learn the skills to improve their cybersecurity

All businesses are at significant risk of cyberattack — including SMEs. However, they can protect themselves with the right training and a more proactive cybersecurity approach.

Most small and medium-sized enterprises (SMEs) are only too aware of the risks of cyberattack, notes Donna O’Shea, Chair of Cybersecurity at Munster Technological University (MTU) and Project Lead at Cyber Skills — a nationally-funded project which aims to address the cybersecurity skills shortage.

Rising cybersecurity threats to SMEs

According to the cybersecurity consortium SMESEC, 60% of all cyberattacks in 2016 were aimed at small businesses. What’s more, 60% of SMEs who fell victim to attack did not recover and shut down within six months. Despite these statistics, SMEs don’t always address

cybersecurity matters properly — and for various reasons.

“Some business owners may lack the confidence and technical abilities to respond to cybersecurity risks,” says O’Shea. “Others downplay the issue and ask: ‘Who would try to hack my business anyway?’ But if their database of clients’ personal information suffers a breach, that’s a major GDPR compliance issue.”

There’s also a lot of cognitive dissonance surrounding this topic, admits O’Shea. “There’s a tendency for SMEs to think: ‘Yes, our business is at risk — but we’re going to forget about it.’ We need to change their mindset to: ‘Yes, our business is at risk — but we can respond to it properly with the right skills and training.”

Removing the mystique around cybersecurity

Cyber Skills has developed Cybersecurity for Business — a relatable workshop series delivered by industry experts. This has been designed to provide business owners with the key knowledge and skills to protect themselves against cyberattacks and remove some of the mystique surrounding the subject.

Being proactive about cybersecurity

For too long, businesses have been taking a ‘defensive and reactionary’ approach to cybersecurity — with firewalls, intrusion detection systems and anti-viruses doing all the heavy lifting. While these are all important safety measures to have in place, by the time a system reacts to a breach, the damage has already been done.

“Instead, we urge businesses to take a ‘predictive and responsive’ approach to cybersecurity,” explains O’Shea. “The workshops help them identify where their biggest risks of attack might be. We apply well-known models, tools and techniques and show SMEs how to create an incident response plan and a business continuity plan — tailored to their needs — so that, in the event of an attack, they can get up and running again as quickly as possible. Ultimately, businesses must start thinking about cybersecurity in a more structured and proactive way.”

Helping organisations to securely harness the power of the cloud with SASE architecture

Security challenges have increased dramatically with the rapid evolution of the modern workplace and the introduction of hybrid and more flexible work practices. Meanwhile, SASE architecture offers a solution.

Employees who suddenly needed to work remotely were likely doing so on unprotected networks and, in an effort to cater for this new reality, the first port-of-call was to beef up device security with full monitoring solutions such as Endpoint Detection and Response (EDR).

Working without SASE

Organisations have quickly moved away from physical office infrastructure; and with the now widespread adoption of Software-as-a-Service (SaaS) applications to support the decentralised workplace, many are using their applications directly in the cloud and often without sufficiently protecting their users, devices and critical data. In turn, the role of the firewall as the barrier between an organisation’s network and outside threats has been somewhat overlooked or remains tied to physical networks or infrastructure.

Single-pane visibility

Secure Access Service Edge (SASE) technology incorporates a suite of security services that bring remote users and devices back into the security fold. SASE reimagines the traditional firewall for the modern workplace by offering a cloud-based firewall which provides control and visibility of all device connections and creates a single gateway to the organisation’s network.

This also integrates with a background app which continuously assesses for potential threats and vulnerabilities. Effectively, SASE enables organisations to fully manage their cybersecurity even more easily and comprehensively than when everything sat behind an on-premise perimeter.

Other SASE features include Zero Trust Network Access which enables tighter access controls to data and applications, as well as advanced endpoint protection which works hand-in-hand with cloud-based firewalls. In addition, SASE provides internet access policies, data loss prevention and full control over third-party SaaS applications. The solution can also extend into and connect branch offices, providing single-pane visibility of all users and devices running through the cloud.

Protecting critical data

HCS and Fortinet are enabling organisations to comprehensively manage their cybersecurity and benefit from the flexibility that the cloud has to offer with a SASE product suite, underpinned by Fortinet’s leading FortiSASE software. The proactive and cost-effective solution is ideal for modern Irish businesses that use or have migrated to SaaS applications and operate a hybrid work approach. HCS is an accredited Fortinet partner and reduces risk by building security into everything it manages for customers.

Why

Cybersecurity is a leading risk facing businesses over the next decade

From the many potential threats to organisations, cyber incidents — such as data breaches and ransomware attacks — have gradually become more important risks as digital technologies have become integral to businesses.

Cyber resilience is the alignment of prevention, detection and response capabilities to manage, mitigate and move on from cyberattacks (Ponemon Institute). Companies, the insurance industry and analysts have been evaluating the main perceived risks for businesses.

Major threat to organisations

According to the recent World Economic Forum (WEF) ‘Global risks report 2023,’ the threat of widespread cybercrime and vulnerabilities in cybersecurity are among the top 10 most severe risks facing businesses, governments and the public over the next decade.

These cyberattacks are predicted to impact all sectors and organisations from agriculture, water, financial systems, transport and energy infrastructure — to attacks on undersea or space-based communications infrastructure. This is evident at present from the Russian war on Ukraine targeting communications, financial websites and electricity grids.

Growing cybersecurity demand

During the Covid-19 pandemic, we saw the rapid acceleration of digital transformation to maintain business continuity and service delivery. While this has brought many benefits and efficiencies, it has also opened up new security challenges, risks and vulnerabilities.

The need for cybersecurity and cyber resilience has

never been greater. However, with the current economic downturn, companies are asking how they can do more with less, which will impact IT and cybersecurity budgets, particularly for SMEs. We must keep cybersecurity at the forefront of every business, government and citizen in Ireland: cyber resiliency is critical to business resiliency.

Cybersecurity in Ireland

Cyber Ireland is the national cybersecurity cluster organisation, set up in 2019 to support the growth of the cybersecurity sector in Ireland. The cluster is hosted at Munster Technological University, which was recently hit with a cyberattack in 2023, and has the backing of the Government including the National Cyber Security Centre.

Our vision is that Ireland can be a global leader in cybersecurity talent, innovation and solutions. From our ‘State of the Cyber Security Sector 2022’ report, we know that all the required ingredients are present. There are 490 companies in the sector employing almost 7,500 professionals, contributing €1.1 billion to the economy annually.

By 2030, the sector could support a further 10,000 jobs and contribute €2 billion in gross value added (GVA) annually. This vision requires a collaborative approach from industry, academia and the Government, to ensure Ireland is a safe and secure place to do business and becomes a leading cybersecurity hub globally.

Our vision is that Ireland can be a global leader in cybersecurity talent, innovation and solutions.

We must keep cybersecurity at the forefront of every business, government and citizen in Ireland: cyber resiliency is critical to business resiliency.

How Irish cybersecurity education programmes can encourage and foster future talent

During its transformation as a global edge-to-cloud company, Hewlett Packard Enterprise (HPE) has continued to expand and evolve its security functions and offerings to ensure that customers, partners and their data stay protected.

Prepared cybersecurity talent

Ireland’s contribution is critical to the company’s security, with the largest hub of both physical security and cybersecurity and digital risk management (CDRM) professionals globally sitting in Galway, supported by global business resilience and continuity management experts in Leixlip.

The team of over 50 experts manages the implementation of world-class cyber detection and response capabilities, robust business resilience and continuity management processes, ensuring that the company is prepared to respond to any kind of threats or attacks, including data and physical security breaches and geopolitical threats.

Tailored course content

The key to success is the talent HPE has attracted and nurtured throughout the years, actively recruiting candidates with a keen interest in cybersecurity — who may not already have relevant qualifications. Candidates are given the opportunity to do a relevant master’s degree in partnership with the Springboard initiative. At the same time, the company is working closely with multiple higher-education institutions, helping them create and tailor course content for practical application in the industry.

Going to Galway to learn how to deal with cybersecurity threats

Cybersecurity is vital for organisations in all sectors now, and there is a way for graduates in all disciplines to get training.

Cybersecurity careers are not just for IT graduates. Now, University of Galway is opening up careers in this growth area to graduates in any subject.

Tom Acton, Professor in Business Information Systems at the university’s School of Business and Economics, says: “You don’t need an IT-related degree to take our one-year MSc in Cybersecurity Risk Management, but you do need some exposure to information technologies, otherwise, you won’t know if it’s right for you.”

“Candidates write a personal statement that shows their motivation for the programme and how they envisage it helping to progress a career.”

Applications now open The course starts in September

Practical cybersecurity education Initiatives focusing on cybersecurity education have been extremely successful, with senior members joining forces with academic teaching staff, blending academia and industry and giving future cyber graduates a taste of what security looks like in an enterprise setting.

Programmes — like the ‘returnship’ programme, which encourages people who have taken a career break or time off to raise a family to return to the workforce, and the ‘reboot programme’ which provides training for lateral entrants in an array of security disciplines — remove barriers to entry for people wishing to kick-off their cybersecurity career.

“Initiatives like these are pivotal for us and will become imperative as we, as an industry, are facing an increasing skill gap,” explains Ray McGann, managing director, HPE Ireland.

“We need to actively invest in building our national pipeline through STEM programmes and involvement in school systems, encouraging future talent — especially young girls — awakening their interest and passion for the topic. I am proud of the success we see, especially the Ireland team’s work with local partner schools, showcasing opportunities the cybersecurity profession offers. Our message to everyone interested in working in the field is: Anyone with passion and determination can be successful in cybersecurity. Don’t let a lack of experience or qualifications deter you.”

Ready for cybersecurity threats

The need is high for people with cybersecurity skills to meet future threats and aid with strategic planning. “There’s huge growth in the incidence of international hacking, data theft, ransomware attacks and attempts to throw elections,” says Acton.

“We hear about the big cybersecurity attacks, but small companies are targets too — sometimes not making the news headlines.”

Great career prospects

and offers 30 places to graduates in Ireland and worldwide.

“We aim to create strategic thinkers who can understand cybersecurity threats, manage resources, implement solutions and effectively communicate these to senior decision-makers in order to support the strategic growth of a business,” says Acton.

The course covers programming, systems development, cybersecurity ethics and law, risk management, ethical hacking, tools and techniques to prevent malicious hacking, recovering systems after attacks and how to persuade organisations to take preventive action.

Students will also boost employability through cyber knowledge acquisition and interactions with experts in the wide range of companies in Galway.

“Companies are becoming more proactive as they realise that prevention saves money and reputational damage, so the career opportunities can only grow — and it can be a well-paid option,” explains Acton.

It’s worth highlighting that the course is offered by the School of Business and Economics, he adds. “Demand for these skills is not limited to the tech sector. It’s growing across all sectors including banking, retail, health and the public sector.

“Many organisations do not yet understand how to deal with the constantly evolving threats, so we aim to create skilled people to help — as employees or consultants. This MSc will help make more graduates employable in cybersecurity,” he concludes.

Small steps to decarbonisation can lead to big benefits

Ireland’s economic story will be defined by the twin green and digital transitions. These transitions can be mutually reinforcing; technology and data will help achieve sustainability goals while the sustainability imperative will unlock new opportunities and markets.

This year, I am undertaking a series of ‘Building Better Businesses’ events around the country, with a focus on these themes. I believe that the transition to a low-carbon economy is akin to an industrial revolution for the 21st century.

Climate and the economy have been thought of as separate and disconnected. Today, we know that they are now fundamentally intertwined. The imperative for climate action will change the way we design, produce and consume the goods and services we use.

Start your decarbonisation journey

I am challenging all businesses to understand their carbon footprint — the emissions associated with their energy use, transport, supply chains or services — and to start taking meaningful steps to decarbonise.

Consider replacing a fossil fuel boiler with a heat pump, reducing packaging, sourcing locally or rethinking your services to include resource efficiency or ‘circular’ use of materials. Enterprise Ireland, IDA Ireland, SEAI or the Local Enterprise

Offices can support you to get started. The Climate Toolkit 4 Business (climatetoolkit4business.gov.ie) can point you in the right direction. Decarbonisation is not only an environmental necessity; it is now an economic one as well. Decarbonising existing industries while enabling growth and innovation in green sectors is therefore the priority. I don’t see this as a threat to our competitiveness; the risk now lies in not taking action and embedding the green transition in every sector of our economy.

Economic and societal impacts

Ireland can be proud of the steps it has taken so far on the journey to net zero. We are now moving to the implementation phase,

converting ambition into action. The commitment to climate neutrality by 2050, the introduction of carbon budgets, the establishment of the Sectoral Emissions Ceilings and the implementation of Climate Action Plans to meet these targets are all critical steps towards decarbonising our society and economy. Decarbonisation will lead not only to lower emissions; but better jobs with better pay, warmer homes, cleaner air, cheaper and more secure energy in a prosperous, resilient economy. Governments alone cannot solve the multi-faceted challenge we face — the private sector is critical to the net zero transition. Investment and innovation will fast track low-carbon technologies to mass-market solutions. Businesses will provide and derive many of the benefits of a low-carbon economy, not least in sustainable economic growth but also through higher living standards and better-quality services.

Ireland can be proud of the steps it has taken so far on the journey to net zero.

Decarbonisation is not only an environmental necessity; it is now an economic one as well.

Passing a resilience assessment could help to mitigate cyberattacks

A new solution to minimise cyberattack devastation is targeted at helping businesses — large and small — to build resilience in their networks and avert shutdowns.

Building cyber resilience into networks has never been more crucial. It can make all the difference between a company surviving a cyberattack to the total devastation of operations, completely crashing to a point of no revival.

The state of cybersecurity readiness in Ireland is not as high as it should be, given the fact that as a country, Ireland has a well-developed digital economy.

According to the World Economic Forum, Ireland’s investments in cybersecurity have lagged behind its digital development. There is now a massive gap between digital development (ranked 20th

Cybersecurity is an excellent career path to follow. The number of unfilled cybersecurity jobs worldwide was reported to be 3.5 million in 2021, and that number is constantly growing.

Cork city has emerged as an important European cybersecurity hub for a few reasons, but being home to some of Ireland’s leading universities — including Munster Technological University (MTU) and University College Cork (UCC) — is certainly a contributing factor.

Local and international contribution Our graduates and courses at MTU have consistently delivered on the industry skills needs strengthening the attractiveness of Cork city as a first location for Industrial Development Agency (IDA) and Enterprise Ireland (EI)

globally) versus cybersecurity (73rd).

Heavy cost of cyberattacks

A recent example of the havoc wreaked was the ransomware cyberattack on the Health Service Executive of Ireland resulting in all of its IT systems being shut down — costing the Irish economy some 100 million euros to recover.

Professor Thomas Newe, Principal Investigator with the CONFIRM Research Centre, says: “Still, not all HSE systems are fully back, and it’s expected that another 500 million euros will be spent on upgrading systems.”

“It showed just how devastating it can be when a cyberattack happens.

Such attacks can be particularly bad for manufacturers because it is going to stop production.”

With the post-Covid-19 rise in numbers of people working from home increasing the risk of cyberattacks, it has never been a more important time for businesses to build resilience into their networks.

Mobile testing unit

Professor Newe, who is also Associate Professor at the University of Limerick’s Department of Electronic and Computer Engineering, is involved in the research and development of a mobile testing service for CONFIRM — the Science Foundation Ireland Research (SFI) Centre for Smart Manufacturing.

“If you want to analyse the networks of a company, you need to be on-site as very few would give you remote access to them to perform tests, they need to see what you are doing,” explains Newe. “The AIRBUS CyberRange is a box on wheels that can test IT and OT (Operational Technology) systems. We are the first in Ireland to have this system, and it allows company data to stay on-site, in the company.”

The system will look for points of attack in your systems, from the need for software updates to network configuration issues, thereby enabling solutions to be provided to build resilience against cyberattacks.

We continue to expand and develop our cybersecurity offerings and have a strong track record of producing outputs with national and regional benefits in this area, including CyberIreland and CyberSkills, both of which are located mainly in MTU, are government-supported and have a national focus on the cybersecurity industry in Ireland.

Undergraduate and postgraduate cybersecurity

courses

Cybersecurity forms a large part of the curriculum of all our course offerings in Computer Science. At the undergraduate level, every first year takes a cybersecurity module, and all of our undergraduate courses feature many cybersecurity modules.

CONFIRM Centre is open to collaborations with companies who want to use and learn more about the AIRBUS CyberRange system. Learn more at confirm.ie

client companies. The region hosts many organisations that focus on cybersecurity or indeed manufacture and retail cybersecurity products. Many security operations centres are located in the region, and there are several community meetups, most notably CorkSec (a.k.a Defcon Group DC021353) which meets monthly in Cork city since 2013. Our cybersecurity activity extends into research including PhD candidates, postdoctoral researchers and faculty conducting work on a wide range of national and international projects — in most cases in collaboration with our industry partners.

At the postgraduate level, we offer a MSc and Postgraduate Diploma in Cybersecurity as well as a MSc and Postgraduate Diploma in Cybersecurity Management. The MSc in Cybersecurity focuses on the technical aspects of cybersecurity while the MSc in Cybersecurity Management is focused on the Governance, Risk and Compliance (GRC) aspects of cybersecurity. Neither course has any written exams, as the students learn by carrying out tasks and projects, and employment prospects in the cybersecurity industry from both courses are excellent.

If you are interested in learning more, visit mtu.ie/courses/

Keeping Ireland safe from cybersecurity threats could be a course away

Why we need to listen to our nation’s IT and digital professionals now

In a rapidly changing digital landscape, we must harness the voice and expertise of our IT and digital professionals, at the coal face of innovation.

The pandemic saw an acceleration of the adoption of digital technologies and ways of working. This response was connected with digital transformation processes already underway; and without this readiness, our ability to keep functioning would have been severely reduced.

Acceleration of digital adoption

We know that there is a strong link between an organisation’s digital and IT maturity and its ability to adapt to changing circumstances.

The IT and digital professional community were at the forefront of providing the digital solutions we depended on to weather the global pandemic. Since then, the universal pivot to digital has centralised the role of technology across all aspects of our lives, making digital transformation even more essential to businesses in Ireland.

Informing digital transformation

IT professionals and teams are strategic technology partners that play a vital role in any digital transformation. Their insights and expertise must be captured and inform the digital transformation journey.

Similarly, to meet the emerging challenges and opportunities presented by innovation in technology such as cybersecurity, developments in AI, as well as the global challenges of sustainability and digital inclusion, businesses, organisations and policymakers must absorb and leverage the expertise and accrued knowledge of the IT and digital community.

Fin Goulding, CTO at Flow Academy and ICS Fellow, supports companies to develop their digital transformation goals and strategies. He shares: “Digital transformation starts with ‘storytelling.’ Organisations can get bogged down with large strategic presentations, programme governance or new methodologies that can become the focus rather than the business outcomes themselves. Target short-term deliverables, focused on your story, that — once achieved — will give the team the confidence to move forward and bring the story to life.’’

A culture of IT professionalism

Ireland has a highly skilled population of IT and digital professionals that have secured our position at the global cutting-edge of IT. Implementing a national strategy of IT professionalism will further strengthen this position.

Digital technology solutions and the specialists that implement them can help society tackle its shared goals and challenges, so we must build an Irish IT profession that is recognised and respected by other stakeholders as highly skilled, innovative, ethical and accountable.

IT professionalism is the quality assurance we need to deliver service and value and build confidence between tech providers and users. In a rapidly changing digital landscape, we must ensure that we are using the voice and expertise of IT and digital professionals — supported by a culture of IT professionalism — to enhance business resilience and successfully navigate digital transformation.

IT professionalism is the quality assurance we need to deliver service and value and build confidence between tech providers and users.

The cybersecurity sector is undergoing a massive scaling operation, and with new ways of working determined by ongoing changes to the digital economy, organisations must be adaptable.

The challenges facing cybersecurity firms, and those with strong cybersecurity functions, are two-fold: it’s not only the required technology and the related skills, but the leadership capabilities needed to drive change and culture forward. To normalise the mitigation of risk and build business resilience, organisations must have a balance of the two.

Considering strong leadership “Cybersecurity functions in Ireland employ over 7,500 people, with potential for a further 10,000 roles by 2030. The opportunity for the sector is huge,” says Cyber Ireland Cluster Manager, Eoin Byrne. To achieve cybersecurity goals,

the obvious solution is to bring in cybersecurity professionals — those who can problem-solve by harnessing the power of technology. However, it’s also important not to underestimate the impact that professionals with strong leadership skills can have on the changing face of the world of work. How do we ensure that leadership and people skills are integrated into the fabric of the way they do business? The answer lies in the diversity of thinking and practice — and that’s the beauty of people-driven organisations.

Diverse skills and work culture

Businesses in Ireland are known for being entrepreneurial, innovative and creative. It stands to reason

then, that the people working in cybersecurity firms and functions would reflect this diverse culture.

“Organisations seeking to maximise the effectiveness of cybersecurity build strategies around their human infrastructures and capital to protect their information and digital assets,” says Tony Moroney, Programme Director for the IMI Leading in Cybersecurity programme.

“Progressive leaders recognise that an organisation is only as good as its people and that technology exists to support and extend human activity. Everyone must be part of a cultural firewall that shares assumptions, values and priorities about what it means to be secure.” In summary, it’s all about mindset.

Embracing different personality types, different ways of working, cognitive diversity and neurodiversity are all key for organisations as they begin to scale. It’s not enough that buzzwords like ‘diversity’ and ‘inclusion’ are considered within hiring policies. It’s about leaning into the true diversity of people and unlocking their potential to contribute to leadership rather than expecting them to conform to established standards.

By truly listening to people’s interpretation of their challenges and supporting them at the right time, we’ll begin to see characteristics like neurodiversity not only accepted in the workplace but embraced.

Diverse human characteristics and ways of working can lead to cybersecurity success

IT professionals and teams are strategic technology partners that play a vital role in any digital transformation.

~Mary Cleary, Secretary General, Irish Computer Society

Advanced cybersecurity makes sense for any business today

IT experts with over 20 years of experience have helped businesses plan their defences against cyberattacks by helping to make companies’ IT systems more resilient.

The cybersecurity landscape has shifted dramatically in the last 20 years,” explains Dan Kenny, a founder of Infinity IT, an expert in providing Managed IT and Security Services to a diverse base of customers in Ireland.

Thinking ahead of potential cyberattacks

“Medium to large companies are more likely than ever to engage a managed security services company to assess the risks and come up with solutions to potential cyberattacks. This is very important because, without robust systems, an attack can be extremely damaging to a business.”

“We can see that organisations who have fallen victim to a cyberattack suffer severe disruption to their operations,” adds Shane Casey, Managed Services Manager at Infinity IT.

“According to the 2023 SonicWall Cyber Threat Report, prominent ransomware attacks impacted enterprises, governments, airlines, hospitals, hotels and even individuals causing widespread system downtime, economic loss and reputational damage. Several industries faced large year-over-year increases of ransomware volume, including education (+275%), finance (+41%) and healthcare (+8%).”

Creating cyber-secure systems with clients

“There is a realisation at board-level that cybersecurity is not simply a function of the IT department but of the whole company,” says Casey. “By coming directly to us with their concerns, we are able to provide solutions for companies to mitigate their cyber risk.”

The IT and security services expert has helped a range of businesses, from financial institutions to SMEs, using the same methods across the board. “We work on identifying areas of cyber risk, including information security and data protection. From our experience in the financial services sector, we have learnt a lot about managing complex systems and are able to provide best-in-class cyber protection solutions, giving companies value for their investment,” explains Kenny.

Forming good habits

Many smaller businesses cannot afford to appoint an IT manager, and instead, they engage Infinity IT to manage their cybersecurity. “A good cybersecurity culture is vital in empowering staff to be one of the most important elements of cybersecurity within your business,” explains Casey.

“We meet with clients regularly, providing reports on the status and performance of their IT and security systems. We also discuss any developments in cybersecurity with them and recommend action where appropriate.”

Cybersecurity is not simply a function of the IT department but of the whole company.