Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock

Irish banks are 'absolutely not prepared' for cyber attacks

Expert Paul Dwyer says some firms are letting inexperienced staff handle their security.

IRISH BANKS HAVE serious gaps in their security systems which need to be addressed to properly protect against cyber attacks.

That is according to one of the country’s leading cyber experts, Paul Dwyer, who said that many financial institutions have not invested enough in the area as a result of the banking crisis.

Dublin native Dwyer is the CEO of security company Cyber Risk International and the President of the International Cyber Threat Task Force (ICTTF), a not-for-profit group that aims to help connect cyber security experts with more than 3,000 members worldwide.

Speaking after a recent ICTTF breakfast briefing, he told Fora that Irish financial organisations are “absolutely not prepared” for online attacks.

“The Central Bank of Ireland has written to every financial institution in this country a number of times telling them that their boards have full responsibility for this, and they have to prove that they’re doing something about it so there’s no excuse anymore for any financial institution,” he said.

“A lot of what (is needed) is cyber hygiene basics, nothing too sophisticated. For example, data classification doesn’t exist in a lot of banks.

“By that we mean, are you treating all your data the same, or are you saying ‘this data is more important than that data?’ Because that’s the general principle of security, you don’t have the same security controls over everything.”

paul dwyer cyber crime Cyber Risk CEO and ICTTF president Paul Dwyer Youtube Youtube

Gaps

He added: “That’s on page one of information security management, classifying your assets and understanding what you have. They’re finding that there are gaps there, massive gaps, but they’re not difficult gaps to fill.

“Those institutions have to take heed from the writing that’s on the wall from the Central Bank and plug those gaps and move forward. It isn’t rocket science, but if it isn’t priority for a bank they’re not going to do it.”

Dwyer also recommended that financial companies should assign a senior staff member specific responsibility for dealing with cybercrime, however in many cases that was yet to happen.

“Unfortunately, what we find a lot of the time with financial institutions in Ireland is that the person who becomes the chief technology officer, or whatever, has been in that organisation maybe for a long period of time.

“When you question them and ask what are their security qualifications, how do they understand cyber, you very quickly find they may not be the most appropriate person.”

File Photo The Central Bank has opened the sales process for its Dame Street premises, which consists of the tower building and commercial buildings in Dublin city centre. Estate agent Lisney will offer the buildings for sale in one or more lots. Reports The Central Bank oversees the banking industry Laura Hutton / RollingNews.ie Laura Hutton / RollingNews.ie / RollingNews.ie

Gravitas

He added: “It’s mandatory from the Central Bank that you have to appoint someone from the Central Bank who is responsible for this area. But in some organisations we work in, we meet people who are maybe 20 years of age who have been handed this poisoned chalice.”

“They say, ‘I have no power to effect any change, I’m in the organisation six months’, so they’re not giving it the gravitas it needs.”

Asked how banks can better protect their customers data he said: “The approach of a lot of institutions has been that they need to adopt some sort of security standard and just measure up to that.

“But not everybody is the same. Everybody will work out what is appropriate for their organisation and apply the appropriate controls.

“They need to get the tools they need to develop a management system. Some will need more education for their staff, some will need to improve their network security, different things. There’s no silver bullet.”

Written by Paul O’Donoghue and posted on Fora.ie

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

View 10 comments
Close
10 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds