Issues

Managing cybersecurity in an evolving digital world

For more than 30 years, ESET has been developing industry-leading IT security software and services, delivering instant, comprehensive protection against evolving cybersecurity threats. Louise Bowe, CEO of ESET Ireland, speaks with eolas about the changing threatscape and the ability to adapt and defend against it.

ESET has been securing computer infrastructure for 30 years, through all the major changes and developments in the digitalisation of the home and workplace, along with security challenges. Practically, since the first widespread computer viruses emerged – ESET’s founders discovered their first computer virus in 1987 – ESET has grown and matured on the frontlines, responding to threats and cybersecurity crises as they appeared.

From a small, dynamic company ESET has grown into a global brand with over 110 million users in 202 countries and territories. Many things have changed, but ESET’s core philosophy, to help build a more secure digital world for everyone, has remained the same. ESET uses multi-layered technologies that go far beyond the capabilities of basic antivirus, also offering anti-spam, anti-phishing, ransomware protection, banking and payment protection, cloud sandboxing, endpoint detection and response, et cetera. ESET’s security researchers in 13 globally distributed R&D centres utilise their expertise to ensure the best round-the-clock threat intelligence.

When asked about the key challenges of the security industry, Bowe responds: “There are always challenges, regardless of the industry. It is how we perceive them that counts. Challenges are opportunities to grow, evolve.”
ESET Ireland believes it is particularly important to adapt the capacity to engage with new challenges, regardless of the field of expertise. “This should be standard across all industries, especially in the new world of remote working and safer connectivity.”

ESET’s goal is to enable everyone to enjoy the full potential of their technology in a secure digital world. There is not much difference in prioritising the need for protection, whether it is for enterprise, the public sector, SMB, or home users. Cybercriminals are always looking for opportunities to take advantage of anyone’s weakness, to try and extract money or data from them.

As such, ESET Ireland operates as widely as possible. Bowe adds: “Even though it is a completely different focus for each segment, and each need a different approach, we take support very seriously. We support all our end users from the enterprise down to the single user. Each has a dedicated team, highly skilled, trained, based in our main office in County Wexford.

“We deal with everyone from the home user to the SMB administrator to the enterprise security team or security operations centre. ESET has an endpoint solution for any size of business, organisation or family, which requires us to be able to provide any of them with local, timely, practical and comprehensive support when they need it.”

Asked whether Ireland is in any way unique when it comes to types of threats it faces, Bowe observes: “When it comes to this, as well as most other cybersecurity-related aspects, Ireland is not much different from the rest of the world, but there are differences in reactions to threats by types of users.

“When dealing with end-users we might deal with anyone. From the family member responsible for their family’s computers and devices, to the small business owner just trying to ensure they are protected.

“The main difference would be in how our teams approach each specific customer. While each has very valid and pertinent security concerns, there can sometimes be a knowledge gap when dealing with end-users when compared to B2B.”

ESET Ireland protects thousands of large and small businesses, organisations, and institutions throughout Ireland, with cutting-edge expertise and advanced machine learning, as well as support for all ESET security they have in place. But things don’t always run as planned.

“Ireland is often focused particularly inward, rather than seeing itself as a part of a wider European or even global cybersecurity network.”

“Unfortunately, this same knowledge gap can sometimes exist in B2B too, with many companies being hesitant to allocate sufficient budget to their IT needs. We find SMBs without a dedicated IT administrator instead opting to task IT as someone else’s secondary responsibility and this then comes with many problems of which our teams need to navigate,” Bowe explains.

Being based in the European Union, ESET adheres to the strictest regulations, but the root of ESET’s integrity lies in its culture. “We have always believed that security cannot exist without clients’ trust. We earn it with responsible industry practices and full transparency. We have positioned ourselves as a security ‘partner’ rather than vendor, so helping people use our solutions to their maximum potential, to alleviate those concerns is all part of that job.

“On the other hand, we deal with large multinational enterprise level organisations, who are security aware and well educated. We find these organisations to be far more specific in their requirements.”

In perpetual flux, the world has experienced many cyberattacks against government institutions and critical infrastructure. ESET’s experts share their research at universities, global conferences, and via its industry-leading security blogs and publications.

“We do not rely on a single fence to protect our valuable properties. We utilise fences, gates, locks, cameras, burglar alarms and sometimes more. IT security should be treated in the same way.”

“Although we partner with law enforcement to combat cybercrime, regardless of its origin, we are not beholden to anyone, neither governments, intelligence agencies, powerful organisations nor individuals,” Bowe emphasises.

ESET is a fully European-owned company with a global presence and is neither dependent on, nor looking for investors. Therefore, it has no shareholder pressure to make a fast return on investment, which allows it to really direct its focus where it is needed to stay true to its vision.

“But Ireland is often focused particularly inward, rather than seeing itself as a part of a wider European or even global cybersecurity network,” says ESET Ireland’s CEO.

With many headlines in recent years about notable hacks or data loss incidents in Ireland, one of the main questions being asked is: is Ireland doing enough to effectively combat cyberattacks? Bowe is critical: “The answer is a resounding no. If we speak in general terms, the sentiments are mostly a laissez-faire attitude which doesn’t benefit anyone. In our experience, IT security in general is not treated with the gravity it warrants.

“During the height of Covid-19 lockdown measures, we saw a marked rise in RDP brute force detections, subsequently followed by a rise in ransomware reports. In the rush to enable working from home administrators neglected some of the most basic security requirements which in turn opened them to the abuse from the internet and malicious actors.”

Although ESET’s forte is its strong technical advantage, it is also focused on raising awareness about proper implementation and mindset, as the user is often the weakest link in cybersecurity.

Bowe explains: “We see that organisations make a great initial effort to secure their digital assets but then fail on maintaining that protection. In most of the cases we deal with, where an organisation was compromised, we find poorly maintained security software, sometimes never installed on new devices, or outdated devices left without any product updates. The intention is often there and starts out great, but then falls by the wayside as a secondary concern in day-to-day operations.”

“Learn to adopt security as a mindset, and not as an afterthought. Cybersecurity should be at the forefront of consideration for all organisations, not as a tick-box on the end of the IT budget but an integral part of the IT solution.”

ESET’s goal is to ensure that its technology is on the side of users, so they can focus on their business and enjoy the benefits it brings. “Security solutions are often treated as a ‘fire and forget’ type solution that requires no maintenance,” Bowe highlights, adding: “This could not be further from the truth. No matter what security solution we are talking about, be it endpoint, gateway, cloud, mobile, they all require constant monitoring and vigilance. But technology can make that a lot easier and more streamlined.

“We find that solutions are implemented and then left unmonitored and unmaintained. Take for example the recent HSE attack where attackers purportedly ‘lived’ in the network for up to a week prior to encrypting those vital assets. With adequate reporting protocols and security management, this could have easily been avoided.”

What advice, therefore, can be provided to Irish organisations in relation to keeping their defences integrated with global threat trends? Bowe advises: “Learn to adopt security as a mindset, and not as an afterthought. Cybersecurity should be at the forefront of consideration for all organisations, not as a tick-box on the end of the IT budget but an integral part of the IT solution.”

As our world becomes increasingly digitalised, and we become more dependent on digital systems for our daily operations, we become increasingly vulnerable to attack. As we adopt new technologies, we adopt new attack vectors for criminals to leverage against us. “If physical security is an absolute must for our stores, our homes, and our vehicles, digital security should be no different,” Bowe insists.

Unified defence

According to ESET Ireland CEO, the public sector approach to security is no exception. “ESET is strongly represented in the public sector domestically and globally. But it seems every public sector entity approaches IT security differently. There appears to be a lack of a homogenised strategy toward IT security.

“It would be difficult to compare the likes of Revenue to the Department of the Taoiseach, given the dramatically different information they handle, but the impression of an absence of a unified defence plan is still strong.”

The National Cyber Security Strategy for 2019 to 2024 outlines: “The NCSC (National Cyber Security Centre) will develop a baseline security standard to be applied by all government departments and key agencies” as a potential measure.

However, “Given that a ‘five-year technology strategy’ is only now commencing, perhaps we will be in a better place in five years, but we are definitely not anywhere close currently,” Bowe states.

A robust cyber-defence should therefore be a priority, she contends. “Organisations should try to adopt a ‘defence in depth’ approach toward their systems. It is better to evolve proactively than react intuitively. Overreliance on a single solution or technology can give a false sense of security.

“We do not rely on a single fence to protect our valuable properties. We utilise fences, gates, locks, cameras, burglar alarms and sometimes more. IT security should be treated in the same way.”

Organisations should try to implement as many layers of defence they can, as each additional layer is an additional barrier to being compromised. For an illustration of the multi-layered dynamic defences, Bowe lists some of the advanced technologies she deals with on a daily basis.

“ESET has developed its own in-house machine learning engine, named ESET Augur. It uses the combined power of neural networks and classification algorithms. The ESET Cloud Malware Protection System is one of several technologies based on ESET’s LiveGrid cloud system, in which possible threats are monitored and submitted via its unique feedback system. ESET’s host-based Intrusion Prevention System monitors system activity and uses a pre-defined set of rules to recognise suspicious system behaviour. I could go on, but the complexity of defences nowadays can easily go over most of our heads,” she details.

Looking ahead to the future, while considering the experience gained in the previous years, Bowe concludes: “ESET Ireland believes in the coming years we will see Internet of Things continue to cause challenges. Ransomware is not going away anytime soon, and supply chain attacks will increase, as will infrastructure attacks, since they are, in many cases, relatively easy to conduct, due to inadequate security. But ESET will ensure to stay at the forefront of defences, so that everyone can truly enjoy safer technology.”

Show More
Back to top button