Digital transformation: how to keep your online operations secure

As Irish businesses digitally transform their operations, they face a growing risk from ransomware and other types of cyber attack. Here, two SMEs share their insights on staying secure.

Typetec found that 27% of businesses that paid a ransom failed to have all affected data restored – and 60% said that sensitive data was leaked on the dark web, despite paying a ransom. The survey also found that only 39% of SMEs in Ireland consider themselves to be very well protected from cyber attacks.

Cork-based digital marketing company Digital Funnel has been successful in protecting its operations, having been alert to the dangers of cyber attacks since its inception in 2016.

“It’s important to engage in frequent exercises to ensure your security systems can detect a potential attack early, and have an incident protocol in place in the event of an attack,” says Digital Funnel’s director and founder, Ian Carroll. “Repetitive testing at regular intervals to check for vulnerabilities is key here.

“Hackers are constantly looking for weaknesses in business systems, so you should be too,” he adds. “Generally speaking, most attacks come from the exploitation of a loophole. Updates are pushed out by suppliers to close off any potential loopholes – so always keep your software up to date.”

A safe digital transformation

Cyber attacks are a growing issue as more businesses digitally transform their operations – a process accelerated by Covid-19. One area of digital transformation is e-commerce. 

The Kilkenny Group, which sells Irish-designed products domestically and internationally via its website, has built strong security into its online operations from the bottom up.

“Cyber security has certainly become more of an integral part of the design and development process when we look to create new offerings on our website,” says the company’s strategy and e-commerce director, Emer McCarthy. 

“Through the concept of ‘security by design’, we strive to implement the security element of the project into the software design lifecycle. We look to highlight the key security risks and minimise these by writing secure code from initial project conception, therefore proactively embedding defence at the code level.”

Zero-day exploits, in which hackers find and exploit a vulnerability before a vendor has spotted it or had a chance to fix it, have added complexity to Kilkenny’s security plan.

“However, if approached correctly, the risk here too can be reduced by adding another layer of security with a web application firewall (WAF) to monitor and protect the site from would-be attackers,” says McCarthy.

She adds that Kilkenny’s WAF system also has the Open Web Application Security Project’s (OWASP) top 10 web vulnerabilities programmed into its threat signature database, enabling common threats to be monitored and addressed.

Evolving threats

As well as monitoring well-known threats, it’s vital to keep abreast of new trends and developments, says McCarthy.

“Threats are evolving at an exponential rate,” she says. “The new technologies that drive artificial intelligence (AI) and machine learning (ML) can unfortunately also be abused by attackers. This allows them to perform attacks at a much faster and more intelligent rate and has started a new paradigm in cyber security – one where human response times are not fast enough to catch these AI attackers. 


“Currently, AI and ML cyber-security systems are being implemented into companies to block these AI attacks and catch them quickly without the need for human intervention.”

Since Covid-19 hit, Ian Carroll has seen a huge increase in the number of phishing scams. Attackers have been targeting organisations where they know the majority of staff are working from home and so don’t enjoy the same level of protection as they would when connected to a secure office network.

Phishing scams involve sending fraudulent messages designed to trick recipients into revealing sensitive information or installing malware.

“For some people, working remotely blurs the line between personal spaces and secure business, which can lead to slip-ups,” says Carroll. “Thankfully, our staff have coped extremely well with working from home. But we have had intensive cyber-security training in the past.”

Constant vigilance is needed

McCarthy agrees that staff are a vital first line of defence.

“It’s key that we all understand how to spot threats and what actions to take to reduce the overall risk,” she says. “It’s something we have focused our staff’s attention on and we will be providing more security training to staff through our information security training and security awareness program, developed by our internal IT team.”

Also looking to the future, Carroll advises constant vigilance.  

“These scams and attacks are altering their tactics, so it’s of vital importance to be aware of any potential threats and keep yourself protected,” he says. “It doesn’t matter how big or small your business is, you need to be taking preventative measures – things like antivirus software, VPNs [virtual private networks] and two-factor authentication are essential, alongside the basic measures such as the avoidance of unknown email addresses, links, pop-ups and attachments.

“Hackers and scammers will exploit the most vulnerable elements of your business, and in 99% of cases it can be something as trivial as a weak password.”

McCarthy recommends a bespoke and layered approach to mitigating security risks.

“One preventative measure may not be enough to reduce your risk to an acceptable level for the company,” she says. “Each company is different, so seek advice from competent cyber-security industry professionals and train your staff to watch out for these threats.”

Ian Carroll’s top tips for protecting your digital operations

  1. Use firewalls and good antivirus protection.

  2. Use strong passwords and keep them unique, but easy to remember.

  3. Have automatic system updates turned on for your device, browser and key applications.

  4. Back up your data three times, on two different storage devices – one off-site.

  5. Stay up to date with scams and never open emails from people you don’t know.

  6. Be suspicious of emails containing links or attachments, even from colleagues.


This material is published by NatWest Group plc (“NatWest Group”), for information purposes only and should not be regarded as providing any specific advice. Recipients should make their own independent evaluation of this information and no action should be taken, solely relying on it. This material should not be reproduced or disclosed without our consent. It is not intended for distribution in any jurisdiction in which this would be prohibited. Whilst this information is believed to be reliable, it has not been independently verified by NatWest Group and NatWest Group makes no representation or warranty (express or implied) of any kind, as regards the accuracy or completeness of this information, nor does it accept any responsibility or liability for any loss or damage arising in any way from any use made of or reliance placed on, this information. Unless otherwise stated, any views, forecasts, or estimates are solely those of NatWest Group, as of this date and are subject to change without notice. Copyright © NatWest Group. All rights reserved.
