ISO 27001, ISO 27001 Information Security
It’s been another busy month for the world’s ‘professional’ hackers. Since the beginning of 2023, they founds gaps in the cyber security of the UK’s Royal Mail, its Defence Academy and US Water.
Closer to home, a cyber-attack was detected at Munster Technological University (MTU). A breach so significant that it caused a digital outage across campus for over one week.
We take a look at what happened, and how the ISO standard for Information Security can help Irish businesses mitigate against the growing threat of cyber stealth and espionage.
Back as far as the late 00’s, hackers were discovered to be making an average of 70,000 daily attempts to ‘break into’ the high security US State Department. At one single point in time (in 2010), hackers were found to have accessed confidential files in six different UK government departments. In 2021, Russian-based Uber-hackers, Conti Ransomware, caused widespread devastation when they infiltrated en masse the HSE’s IT systems.
Most recently the Cork hub of MTU was the victim of a professional cyber hit, when its entire IT system was subjected to professional hacker encryption when ‘alien’ code was found embedded in one of its servers forcing it to shut down all IT systems for over a week. With the matter reported to the National Cyber Security Centre (NCSC) as well as the office of the Data Protection Commissioner, it is believed that the ransomware had gone unnoticed in the college’s systems for some weeks. In a statement released by MTU it said:
The incident resulted in the encryption of certain MTU systems for the purpose of demanding a ransom. We are currently assessing all appropriate and effective solutions to allow us to return to teaching as normal and reopen our campuses as quickly and safely as possible”.
It’s no wonder then that the Irish Cyber Security sector has been identified as one with the potential for significant growth over the coming twelve months. With big names such as IBM, HP and Malware as well as a growing number of indigenous IT service providers bolstering their investment in wide-ranging cyber security offerings, it is expected that annual IT security related revenues will hit the Euro 2 billion mark within the next year in Ireland.
Recent events both at home an abroad have served to highlight the importance of cyber security, with the need for safe digital spaces and water-tight secure systems for those organisations most at risk of confidential or personal data breaches (which could see them potentially exposed to bank-breaking litigation).
The reality is that every organisation or business, no matter its sector or size, is a potential target for a growing number of highly organised cyber-criminal groups.
With the cyber security sector in Ireland set to grow by approx. 10% p.a. over the next decade, industry experts are busy highlighting the need for specialist skills in drill-down areas such as ‘threat research’ security architecture, computer forensics and malware/ransomware analysis.
With over 80% of Irish firms planning to increase their investment in cyber security systems, tighten up their existing processes/protocols and expand (or introduce new) IS teams, and surging growth in the sector set to continue exponentially, Ireland looks to be on course to become the cyber-security hub of the EU.
As IT-focused companies pour money into R&D, product development, employee up/re-skilling and diversification into new service offerings, there are calls for the government to expand the NCSC to include a world-leading research centre at the heart of which would be working to optimal corporate cybersecurity management.
A world-leading, ground-breaking robust Cybersecurity management system already exists in the form of ISO 27001 – the IS management system standard.
The chief function of ISO 27001 is to act as both guide and support in the successful management of cyber security at all levels – operations, mitigation and risk. ISO 27001 is the conduit via which Operations, IT and lines of Business can work together to build capacity as well as a solid foundation for the protection of and safe management of its confidential data.
In providing “best practice data protection and cyber resilience” (ISO Org), an ISMS – Information Security Management System – affords organisations the opportunity to successfully secure their assets including confidential client-vendor-financial-employee data, IP and company-confidential data on business strategy and planning and product development as well as shoring up legal and compliance.
Cyber-attacks aren’t just costly, they can severely impact a company’s reputation, its standing within the industry and employee morale. The trick is to stay one step ahead of the hackers and by putting robust operational controls in place such as the ISO 27001 framework, organisations stand a much better chance of protecting their and their clients’ interests.
ISO 27001 is a best practice identifier of cyber risk – both internal and external – helping companies to pinpoint chinks in their IS armor whilst simultaneously providing process driven building blocks via which they can ramp up their cyber defenses.
Adopted by tens of thousands of companies worldwide, it is on track to become one of the most popular of the ISO Standards by the end of this decade.
CG Business Consulting offers a wide range of ISO 27001 focused services including gap analysis, certification, implementation and integration.
*Source BBC R4, Irish Examiner
From the consultation your will:
© 2022 Copyright CGBC
Design By Sweet! | Development Thenet.ie