Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.
National Cyber Risk Assessment outlines potential threats facing Ireland
The newly launched National Cyber Risk Assessment 2022 report outlines the potential cyber threats facing Ireland, including cyber attacks on a similar scale to the HSE ransomware attack, as well as nation-state actors threatening national security through disruptive cyber-attacks and espionage operations. The 51-page report goes into detail on the threat landscape, risks to key sectors and supply chain risks. It makes three recommendations aimed at strengthening Ireland’s resilience to cyber risks: strengthening legislation to embed appropriate security measures in products and services from service providers and tech vendors; developing a framework to manage strategic supply chain dependency risks for critical and sensitive services; and setting up a central register of all essential and important entities in the State.
The full report is available to view or download. The National Cyber Security Centre, which led a broad steering group to develop the report, also released a useful infographic summing up the main points. Commenting for Siliconrepublic.com, BH Consulting CEO Brian Honan said Ireland’s position within Europe as a technology hub increases its risk of being targeted by “highly organised” and sophisticated criminals that are “motivated purely by greed” and “ruthless in the execution of their goals”.
The Irish Independent reported that the Government also plans to set up a national anti-ransomware organisation.
New training programme aims to tackle cybersecurity skills shortage
With an estimated 7,500 people working in cybersecurity in Ireland, and roles in high demand, a new training programme aims to increase skills, raise public awareness, support job creation and support the domestic security industry. The Advanced Manufacturing Training Centre of Excellence (AMTCE), based in Dundalk, has launched a scheme to promote work in and awareness of cyber security to students at school level as well as providing multiple ways to access training in the area. Courses will start in September. More information is available at the AMTCE’s dedicated page.
Cyber Ireland, the industry body, forecasts that cybersecurity jobs will increase to 17,000 by 2030. Workers with expertise in the area are in high demand, recruitment firm Morgan McKinley says. And for anyone with a non-technical background who’s interested in getting started in cybersecurity, Lance Spitzner of SANS has published a useful blog. “The key to your success is not a technical background, but your willingness and desire to learn how technology works and to never stop playing,” he wrote. “In addition, there are a growing number of fields in cybersecurity that do not focus on solving technical problems, but instead on human problems. These require softer skills, such as policy development, security awareness, and training, governance, security communications, privacy or cyber law, and ethics.
Data protection concerns force delay in new AI launch
Google’s Bard AI chatbot is on hold in the EU after the Data Protection Commission blocked its launch in June. As Google’s primary data supervisor in the EU, it fell to Ireland’s regulator to call a halt (temporarily, at least). Quoting deputy commissioner Graham Doyle, Politico reported that Google hadn’t provided a detailed briefing or shown an assessment of the tool’s data protection impact (DPIA). The Business Post noted that, under GDPR, Google must submit this assessment, called a DPIA, before launching any product that uses citizens’ data. Siliconrepublic.com pointed out that Google had launched Bard in February and it has been available in the US and UK since March. Prominent pivacy campaigner Johnny Ryan welcomed the news.
In a related development, privacy authorities in the G7 countries met in June to discuss data protection concerns around generative artificial intelligence models. Euractiv reported they will outline a common vision of the challenges involved. In a statement, the group recognised growing concerns that if generative AI IS not properly developed and regulated, it could present risks and potential harms to privacy, data protection, and other fundamental human rights. The group also called for safeguards to prevent the models from being used to extract or copy personal data.
In other privacy news, the European Data Protection Board has adopted guidelines intended to harmonise the approach that regulators take when calculating fines under the GDPR. This final version changes how an organisation’s size factors into the starting amount for fines. The EDPB also published a data protection guide for small business, focusing on individuals’ rights under GDPR.
Links we liked
|Is the so-called Great Resignation affecting security leaders too? MORE
Kelly Shortridge has a nuanced take on the recent DBIR findings. MORE
Unprecedented: Barracuda urges customers to replace their hardware. MORE
Nine free cybersecurity white papers worth reading, via Help Net Security. MORE
‘Password’ and ‘game’ in the same sentence? See if yours passes the test. MORE
Researchers from NTT in Japan used ChatGPT to detect phishing sites. MORE
This Map from Orange tracks the growth of ransomware gangs since 2015. MORE
The UK NCSC has updated its risk management toolbox, a free guide. MORE
Why moves to break end-to-end encryption are misguided, and hurt us all. MORE
Data decisions create a dark day for Irish democracy. MORE
Have you signed up to our monthly newsletter? Every month we send out the latest cybersecurity and data protection news, trends and advice from around the globe.
Sign up here