Pictured above is Jess Kelly, Technology Correspondent, Newstalk and Summit Host. Photos: Maura Hickey
Cybersecurity is a pressing issue for all organisations, yet as the threats evolve, so too do the sector’s standards and understanding, writes Quinton O’Reilly
In her opening remarks, Jess Kelly, technology correspondent for Newstalk and chair of Cybersecurity Summit 2022, mentioned it was European cybersecurity month and how today will be an opportunity for “plenty of pearls of wisdom to take away”.
The packed audience at Croke Park on October 18, took away much advice, knowledge and insights from the summit, where the theme was bolstering security strategies in an evolving threat landscape.
The summit started with a bang with the keynote address from Paul C Dwyer, president of the International Cyber Threat Task Force (ICTTF), which Kelly described as having the “wisdom and insight” to demystify the cybersecurity landscape.
Speaking about how the EU cyber strategy was making physical and digital entities more resilient, Dwyer described the situation as blind people looking at the same elephant; no matter where they are, the result is always an elephant.
The same principle applies to cyber attacks, no matter who or what is responsible for attacks, they’re the same thing. “All roads lead to cyber threats or cyber evil and there are lots of different motivations behind cyber threat actors,” he said.
“Everyone in this room who works in cybersecurity is playing their part in defending against cyber evil because all of these people work together in that same ecosystem. You need a combination of hope and imagination and confidence.
“We need men and women to dream of things that never were and ask why not, as the problems of this world will not be solved by sceptics and cynics.”
After it was the theme of collaboration when protecting national infrastructure.
The first panel of the day focused on defending against attacks and featured Michael Kelly, head of operations and ECAS at BT Ireland, Mary Kennedy, European cybersecurity and information services leader for Arup, Katie McCarthy, head of cybersecurity at Irish Water, and Richard Browne, director of the National Cybersecurity Centre (NCSC).
Speaking about the approach organisations should have, Kennedy said that all organisations must ensure that their supply chain management is in place from the very start as every level of your service must include security protection.
When asked what organisations should start with when organising protection, Kelly said BT took a different approach. “The first thing we decided to do was build the infrastructure fresh; let’s not import anything that already exists,” he said. “The easiest way to secure the infrastructure required is to build it from the ground up with security in mind.”
Following it were two presentations on threats and resilience.
The first was on keeping one step ahead of national threats delivered by Joe McCann, security manager for the National Transport Authority, who brought up collaboration as a critical element of this and how third and fourth parties are one of the biggest risks on the supply chain.
The second was adopting a cyber resilience approach to dealing with sophisticated threats by Puneet Kukreja, partner and head of cyber at EY Ireland.
He gave five ways to ensure this: work with an assumed breach mindset, manage critical third parties, have the ability to detect, respond, recover and communicate when an incident occurs, have a cyber response plan and know how you determine success if you tested it.
“Having a cyber response plan is no different than having a fire evacuation plan,” he said. “When a cyber incident happens do you have in your organisation [equipment], when was the last time you practised it and do people know about it.”
Before the break, there was one more panel discussion on leading security awareness across your organisation involving Rosie Coffey, head of enterprise applications group at UCC, Aoife Noone of Noone cyber services, Enda McGahern, security consultant for the Irish Prison Service (IPS), and Donna Creaven, director of ICT, governance & corporate services for IPS.
One common misconception is that people are the weakest link, which Coffey states is untrue.
She said people are the most targeted, which means having policies, proceduresand training are key for a good security culture.
Continuing the fire safety analogy, Creaven talked about how one ambition is to have a cybersecurity officer who treats said issues similar to a health and safety coordinator.