Irish government not prepared for a cyber attack

The rise in security breaches across Ireland has cost the government almost 8 times more than just two years ago.

The National Cyber Security Centre (NCSC) saw its budget increase by the department of Communications in 2017 to €2m, up from €250,000 just two years earlier.

Richard Bruton Communications Minister announced the budget for the NCSC in a written parliamentary answer but declined to give details about their ongoing cyber security projects or any recent cyber security attacks for ‘security reasons’.

In a recent report by the Comptroller and Auditor General it was revealed that the NCSC had no strategic plan in place and a management body that was set up to monitor and oversee the NCSC project has not met since 2015, despite the continuous trend of ongoing cyber-attacks across Ireland.

‘8.30 The Government decision in July 2011 approving the National Cyber Security Centre also approved the setting up of an interdepartmental committee to set and implement policy in relation to addressing the challenges of cyber security in Ireland.  The group first met in December 2013.  Minutes of only one meeting, dated February 2014 (noted as the third meeting) were available for review.  The Department has indicated that its records suggest that the group met five times.’

‘8.31 The National Cyber Security Centre Strategy Implementation Plan (2015) states that the overarching governance structure for the National Cyber Security Centre will remain the interdepartmental high level steering group, indicating the group would be reoriented to function as the oversight mechanism for all the work of the National Cyber Security Centre.  The Department states that the committee has not met since the strategy was published in 2015’

The main reason the NCSC was established back in 2011 was to ensure critical national infrastructure was fully secured. The NCSC is made up of computer science experts, software engineers, malware analysis and technology forensic experts and the NCSC is also home to the national Computer Security Incident Response Team (CSIRT-IE).  The NCSC is the central contact point in the event of a nationwide or government cyber security incident and it has been noted that there have been previous calls that the NCSC should be moved to the Department of Defence.

Richard Bruton stated, “The NCSC has been assigned a number of new roles under the recently signed Security of Network and Information Systems Regulations, which taken together, will mean that the State will have co-ordinated systems for the management of cyber-related risk to Critical National Infrastructure, and for the assessment and response to incidents.”

With cyber-attacks and data breaches on the rise, how can you protect your organisation? 

Cyber security is fast becoming organisations’ top priority. Many have chosen to mitigate the risk by implementing an ISMS (information security management system). 

An ISMS is a system of processes, documents, technology and people that helps organisations manage, monitor and improve their information security in one place. 

ISO 27001 is the international standard that describes best practice for an ISMS. 

Benefits 

An ISO 27001-compliant ISMS can benefit your organisation in several ways. It enhances your organisation’s structure and focus by clearly setting out who is responsible for various information security risks. It also protects and improves your reputation, proving to customers that you take information security seriously and are doing everything you can to keep data secure. 

Even if you do suffer a breach, regulators show leniency to organisations that have certified to ISO 27001 because they are able to demonstrate that they are following information security best practice.

Take our #Breachready quiz and see where you rank! 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.