‘Terms like big data aren’t just buzzwords any more’

Most of the big technology companies are based in Ireland, with Workday to create 1000 jobs over the next two years.

This has meant that Ireland is slowly becoming a leader in digitisation, and we are uniquely placed to draw on the expertise and experience from global multinationals in the fight against cyberattacks.

Barry Scannell is a consultant for law firm William Fry’s technology group and an expert in digital security.

“Ireland is recognised as a global leader in the tech and data arena,” he says. “Terms like ‘Big Data’ aren’t just buzzwords any more. We really are in a digitised, data-driven global economy, and Ireland is at the centre of things as we always tend to be when it comes to technology.

“The EU has been preparing for this transition for some time, and we saw the first sortie into data legislation with the General Data Protection Regulation [GDPR]. There are a number of other important pieces of data regulation following in its tracks, such as the AI Act, the Data Act, and the Data Governance Act, all of which will need to be considered by organisations wishing to do business in, and with, the EU.”

Recent research commissioned for the William Fry Global Trends in Technology and Data Report found that 97 per cent of 300 C-suite executives from around the world view Ireland as a favourable location for data-related investment, while 92 per cent rate Ireland’s data-related regulatory climate as good to excellent.

“These new laws bring in new obligations, regulations and responsibilities, so it is more important than it ever has been for companies to have good, carefully planned, data, digitisation and cybersecurity measures and policies in place,” Scannell says.

Dr Cormac Doherty, cybersecurity programme manager at the UCD Centre for Cybersecurity and Cybercrime Investigation (CCI), has been investigating cybercrime and cybersecurity since its establishment in 2006.

He says it is very difficult to stay on top of every single technical loophole an attacker might be able to use to access systems.

“DDoS attacks, vulnerability exploits, phishing, smishing [where fraudsters use mobile phone messages to trick you into opening a malicious attachment or link, often purporting to be from your bank, phone company or a government department such as Revenue] and other ‘social engineering’ attacks that lure victims into a false sense of security are among the tools that criminals may use,” Doherty says.

CCI has provided training material and education to law enforcement in carrying out forensic investigations, with Doherty serving as technical adviser to the BPFI’s (Banking and Payments Federation of Ireland) High-Tech Crime Forum for more than a decade. He says that, while attacks on physical hardware, such as ATMs and cash-in-transit vans, have decreased, cybercrime and crime with a digital footprint has risen.

“Because of the speed at which these attacks take place, we use automated exchanges of threat intelligence and these are shared between financial institutions who would, in the normal course, be competing with each other,” Doherty says. “Those rivalries are put aside when it comes to cybersecurity.”

Scannell says that, when their clients face a cyberattack, the legal privilege afforded to them by engaging with a law firm in such a situation ensures that the response can be carried out openly and efficiently without the concern of commercially sensitive information being made public either through litigation or other means.

“One of our areas of focus with clients is assisting in the development of appropriate cybersecurity policies to help assess weaknesses and susceptibility to cyber threats.

“When other defences fail, being suitably prepared to deal with a data breach or cyberattack is imperative to businesses.”

One recent case stands out.

“We assisted a client in the wake of a cyberattack with actioning and analysing the outcome of its cyber response, including notifying the Gardaí, international police, the relevant banks and insurers,” Scannell recalls.

“We then managed the client’s legal response including advising on its notification strategy with the data-protection authorities and managing the investigation; communications with those impacted by the breach; and internal reporting and liaising with forensic security consultants.

“At the same time, we assisted the client in devising and executing a combined legal and commercial strategy to actively pursue the retrieval of the money. This strategy ultimately resulted in our client retrieving the vast majority of the hacked sum.”

William Fry’s research ultimately found that data-related regulatory issues are now the primary consideration when choosing an international location.

“Ireland is punching above its weight and we anticipate this pattern to continue,” says Scannell.