Cybersecurity needs collaborations across sectors and borders, participants in Ireland’s business group Ibec’s Cybersecurity Summit agreed.
The inherent insecurity of the internet and the growing digitalisation of society have opened the way for multiple types of cybercrime, with all the evidence pointing to a continually increasing level of activity.
While the Summit was not focussed specifically on the energy sector, much discussion took place around the cyber attack of May 2021 on Ireland’s Health Services Executive as an example of a major attack on a critical state infrastructure.
Like recent attacks in the energy sector, it was a ransomware attack and impacted 80% of the Executive’s systems, requiring months of recovery and still an active investigation.
Fran Thompson, Chief Information Officer at the HSE, reported a key takeout from the attack that cybersecurity and governance are a leadership issue and not just solely IT. Organisation leaders need to be aware of how their businesses are dependent on technology and what to do if this technology fails.
He advised organisations to carry out simulated attacks to prepare for potential threats and stressed the need for companies to have a cybersecurity strategy in place, including a cyber specific crisis management plan and cybersecurity incident response plan as well as a business continuity plan.
Detective Chief Superintendent Paul Cleary of the Garda National Cybercrime Bureau, which is investigating the attack, reported that evidence from nine jurisdictions around the world had been retrieved.
Through international and local policing activities, suspect technical infrastructure had been targeted and seized, including domains used by the criminals, enabling the alerting and prevention of attacks on as many as 753 potential victims around the world.
He advised that cybersecurity should be treated as an investment rather than an overhead by organisations and reiterated the need for planning and preparedness. He also stressed the need to keep the pressure on cyber criminals, with the disruption of criminal finances becoming more challenging as they adapt to new cryptocurrencies.
Call to action
The meeting report states that key findings and calls to action that emerged from the summit included the urgent need for major advanced economies to strengthen their cooperation to build robust resilience in cybersecurity to protect and defend their economies and societies and the need to build much greater awareness to the damage of cyber attacks.
Collaboration between public and private sectors also was emphasised and increased cyber resilience was a common thread, with calls for enhanced cybersecurity resilience measures to be implemented as a matter of urgency. These include basic cybersecurity attack management plans, improved basic cyber hygiene and early detection systems.
“International collaboration and cooperation between national cybersecurity teams can ensure that we are best prepared for any potential cyber attack, and by working together we can minimise the risk and potential damage we may face,” concludes the report.