Cybersecurity

Subscribe to Cybersecurity via RSS

Today marks the effective date of the Digital Operational Resilience Act (DORA) and with it, additional incident reporting obligations for in-scope financial entities. 

With the aim of standardising the incident reporting process for financial entities throughout the EU, from today, in-scope financial entities must report any ‘major ICT-related incidents’ to their relevant competent authority. 1For the majority of financial entities within the scope of DORA in Ireland, this will be the Central Bank of Ireland while for others (such as pensions trustees) it will be the Pensions Authority. These new incident reporting obligations apply in addition to

Continue Reading Navigating the DORA ICT Incident Reporting Obligations

The Department of Justice yesterday published the Criminal Justice (Offences Relating to Information Systems) Bill 2016. The Bill, which is long overdue, will replace some of the existing patchwork of cybercrime legislation.

The primary purpose of the Bill is to transpose the European Directive 2013/40 or the Cybercrime Directive as it is more commonly known. The Cybercrime Directive is aimed at harmonising Member States’ criminal law in the area of cybercrime by creating minimum rules for the definition of cybercrime offences and the relevant sanctions and to improve cooperation between competent authorities.Continue Reading The Cybercrime Bill is here

Last month the Department of Communications, Energy and Natural Resources published the Government’s National Cyber Security Strategy 2015-2017 (the Strategy).

In 2013 the World Economic Forum classified cyber related threats as one of the highest of all global risks from the perspective of impact and likelihood. This assessment was echoed at a national level in the Government’s 2014 National Risk Assessment. The development and proliferation of Information and Communications technology (ICT) has transformed the way in which society operates. There are few sectors of both society and the economy which do not rely on some form of ICT for their continued operation. This increased dependence has led to increased risk with threats such as hacking, cyber-crime, hacktivism, cyber espionage, software failures and even human error posing a direct threat not only to the daily lives of Irish citizens but also to the economy and the State. Continue Reading Government publishes National Cyber Security Strategy

Unmanned Aerial Vehicles, or Drones, as they are more commonly known, have traditionally been regarded as a military tool, frequently featuring in media reports on US military action as well as TV dramas such as ‘Homeland’ and ‘House of Cards’. They are however, being increasingly put to a much broader spectrum of uses.

Drones have been used by humanitarian organisations to deliver food and medical supplies to crisis-stricken areas. Following typhoon Haiyan in the Philippines, drones were used by international relief agency Medair to map terrain and create a detailed system of 3D aerial images of the region to make relief efforts more efficient. Amazon’s Prime Air development project has also garnered a lot of attention for its goal to use drones to deliver goods to customers in 30 minutes or less. Drones are also now available to buy in electronics stores and are used to capture videos and photographs by amateur and professional photographers. Continue Reading Drone Regulation Takes Flight

Symantec released their annual Internet Security Threat Report (the Symantec Report) last week (available at http://www.symantec.com/security_response/publications/threatreport.jsp) and it makes for alarming reading. The risk of cyberattack is one that has been brought to the forefront of popular consciousness by the devastating cyberattacks on Sony Pictures Entertainment in 2014 and the Symantec Report shows that 2014 saw a worryingly exponential increase in the number, severity and sophistication of such attacks.Continue Reading Symantec Cyberattack Report a timely reminder of increasing Cyberattack risk

On 3 February 2015, the Securities and Exchange Commission (the "SEC") and the Financial Industry Regulatory Authority ("FINRA") both issued cybersecurity reports to the US securities industry. The SEC is the US Federal Government’s securities regulatory agency, while FINRA is a private company that acts as a self-regulatory organisation for US securities firms. The publications highlight the increased US regulatory focus in this area.

SEC: Risk Alert – Cybersecurity Examination Sweep Summary

The Risk Alert summarises the SEC’s findings following its examination of 57 broker-dealers’ and 49 investment advisers’ controls regarding cybersecurity preparedness. Notable statistics from the firms examined include:

       88% of broker-dealers and 74% of investment advisers have experienced cyberattacks either directly or through one of their vendors. The majority of the cyberattacks involved the use of malware and fraudulent emails but no single loss exceeded $75,000;

       93% of broker-dealers and 83% of investment advisers have written information security policies in place, of those, 89% of broker-dealers and 57% of investment advisers periodically audit policy compliance;

       58% of broker-dealers and 21% of investment advisers maintain cybersecurity insurance, however, only one broker-dealer and one investment adviser reported that they had filed claims; and

       Only 15% of broker-dealers and 9% of investment advisers offer security guarantees to protect their clients against cyber related loss.Continue Reading Two US regulatory bodies simultaneously publish cybersecurity reports