Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants.

Grant aid for SME cybersecurity as Ireland’s industry expands

A new grant aims to help SMEs review and update their cybersecurity and mitigate the risk of incidents. The Cyber Security Review Grant scheme subsidises the cost of a cybersecurity assessment and remediation plan. Companies can get up to €3,000 in funding for the initial review, funded by Enterprise Ireland, followed by up to €60,000 for remediation, funded by the National Cyber Security Centre. Cyber Ireland, the national cybersecurity cluster supported by the Irish Government, worked in partnership with EI and NCSC, giving input into the initiative’s development before its launch. It has a summary of the scheme and full details are also available here.

The scheme is also expected to create demand for cybersecurity consultants and services. That market has been growing steadily: according to Cyber Ireland, the cybersecurity sector contributed €1.2 billion to the Irish economy over the last year, as the number of active companies increased by 9 per cent since 2022. The findings come from a sector snapshot the group launched at its national conference in September.

Cyber Ireland also welcomed its incoming chairperson, Brian Honan, who takes up the reins from Pat Larkin. In his welcome address, the BH Consulting CEO called for a spirit of ‘meitheal’ or cooperation to develop the industry in Ireland and help it to become a global hub for the sector. 

The malevolent seven: ENISA report identifies prime cybersecurity threats

Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. Those are the seven threats ENISA enumerates in its latest Threat Landscape 2024 report.

Distributed denial of service (DDoS) attacks and ransomware dominated, making up more than half the observed incidents. Bank Info Security’s coverage led with the finding that ransomware attack numbers stayed consistent over the past year. However, cybercriminals are using more effective tactics, such as using breach disclosure deadlines in regulations to try to force victims into paying higher ransoms. Information Security Buzz has a good summary of the main points. Now in its 12th edition, the 2024 report is based on the analysis of more than 11,000 incidents. The full report runs to 129 pages and is free to download.

Data protection and privacy newsround: controller clarity and regulators regulate

The EU Court of Justice has clarified that a data controller’s commercial interest can qualify as legitimate interest. The EU GDPR text makes this clear, but the Dutch privacy regulator had taken a different view back in 2018, and issued a €525,000 fine.

It’s been a busy few weeks for the Data Protection Commission, which fined Meta €91 million for storing millions of user passwords in plaintext. The regulator found that Meta infringed four articles of the GDPR: it failed to document the breach, to properly notify the DPC, to ensure appropriate security, and to meet the level of risk to users with appropriate protection. An investigation by Brian Krebs found that Facebook, owned by Meta, had stored “hundreds of millions” of user passwords in plain text for years.

Following complaints from customers, the DPC also opened an inquiry into Ryanair’s processing of personal data as part of the verification processes for flights booked through third party websites or online agents. The inquiry will consider whether Ryanair’s use of verification methods, including facial recognition, complies with the GDPR.

Meanwhile another social network has paused training generative AI models with user data. LinkedIn called a halt in response to concerns from the UK Information Commissioner’s Office. 404 Media reported that Microsoft had quietly rolled out this feature before updating its terms of service. Brian Honan noted that LinkedIn hadn’t rolled out this feature to users in the EU, because of the GDPR and the EU AI Act.

And finally, congratulations to privacy specialist and BH Consulting COO Dr Valerie Lyons on receiving the 2024 COSAC Conference Award. The award recognises individuals who have made exceptional contributions to either COSAC, or the cybersecurity sector. Dr Lyons is only the 12th person to receive the award in 31 years of COSAC.

Links we liked

NIST updates and simplifies longstanding password guidelines.

The UK NCSC has a guide for security leaders to communicate with boards.

Guidance on detecting and mitigating Active Directory compromises.

Multiple countries jointly launch a guide to securing OT systems.

Related: MITRE’s EMB3D threat model now covers OT devices.

NSA to insurers: stop bankrolling ransom payments.

UN: Telegram enables “billion dollar” cyber fraud (and other crimes too).

Should’ve seen it coming: hackers add face recognition to Meta smart glasses.

Stanford benchmarks the cybersecurity attributes of language models.

Cofense looks at a recent phishing campaign that used HR-related themes.


About the Author: admin
