Ross O’Donovan, information security specialist at Logicalis Ireland, was interviewed for the Sunday Business Post Cyber Security 2017 report. The following article was published on the 24th of September 2017.
Recent months have seen two potentially catastrophic data breaches: the National Health Service in Britain and the US-based credit rating agency Equifax. Large-scale breaches of personal information always result in questions being asked about IT security, and one on the lips of journalists and commentators these days is: are things getting worse?
“Certainly the numbers are worse, the numbers are huge, but the way the compromises happened were pretty much standard issue,” said Ross O’Donovan, information security specialist at Logicalis Ireland.
Too many people still aren't addressing the low-hanging fruit, he said. “The NHS turned out to be a patching issue and Equifax was a website vulnerability. It comes down to budget and a lack of focus on the fundamental building blocks. It’s not industry specific, most companies’ infrastructure and ethos grow up organically over time, and it can be hard for them to implement changes,” he said.
On top of this inertia, companies also find hiring security specialists close to impossible: true IT security specialists can effectively write their own pay cheque and tend to be reluctant to move to organisations where there are no promotion prospects.
“There is a massive shortage of competent and experienced people. There are people jumping on the perceived cash cow, but experienced people who can instil trust are very hard to find,” said O'Donovan.
“One of the advantages we have is that our engineers and security analysts are working across multiple client environments. Logicalis offers a documented career path, be that remaining technical or a potential move into management.”
IT solutions and managed services providers such as Logicalis, then, can take over the role of IT security – either on a complementary basis, or performing all security tasks.
“For the more mature organisations, we tend to complement the existing security teams, whereas with less mature organisations they come to us to reduce their risk and manage the keys to the castle. We offer the full menu of security services, and we also design and deliver bespoke services, like specialised application security.”
Logicalis has a mix of clients in Ireland, sitting across all verticals. “Historically, we focused on financial, but these days have a broad mix including government, retail, pharma, fin-tech, education, healthcare and even web-based companies that may be small in terms of staffing, but have a high turnover,” he said.
As is always the case, some businesses are more aware of the importance of security than others.
“It’s changing. The noise around the new GDPR legislation is making people at board/C level sit up and take notice. The best companies realise that IT security is a critical business enabler, but there are always companies who don't realise how reliant they are on their IT systems.”
It’s not all doom and gloom, though. O’Donovan said that apocalyptic scenarios help no one and a better approach is to make sense of what data is being kept and then try to ensure that the most sensitive data gets the greatest level of protection.
“A lot of people are out there selling a fear and doubt approach to IT security, but there are mature and proven ways of handling issues. We always recommend our customers to take a risk-based approach to security, and we continue to follow our policy of privacy by design.”