As threats to the cloud increase with the advent of generative AI, Northern Ireland is building a sturdy cyber security ecosystem, writes Pavel Barter
Ciaran Martin, the Tyrone-born former chief executive of the National Cyber Security Centre, part of GCHQ, described cyber crime from organised ransomware criminals based out of Russia as “the biggest threat to businesses of all size”.
Although most attacks go unreported, the “threats are ubiquitous and almost out of control,” Ciaran said.
Capitals such as London and Dublin, with their large data-fuelled corporations, are at particular threat, but Northern Ireland and its proliferation of SMEs is also an attractive target for cyber criminals. SMEs, which struggle to devote financial resources or time to cyber security, can be vulnerable.
“Criminals have become more sophisticated,” Ciaran says. “They research their targets. They don’t demand a million US dollars in Bitcoin from a small business because they know a small business can’t pay that. Throughout the UK and Ireland, you see the likes of small hairdressing salons being asked for £1,500. Criminals tailor the ransoms. For a small organization that’s a lot of money – it’s debilitating.”
Ransomware tends to work in two ways. The malware either locks victims out of their networks, freeing them only when a ransom is paid. Or it steals data and threatens to publish that data on the Dark Web in the absence of an extortion fee. Northern Ireland’s high-tech and R&D industries and its abundant start-ups are in the firing line.
“Intellectual property theft is a big deal for small businesses,” Ciaran says. “AI, life sciences, pharmaceutical patents all run the risk of losing precious data. The Chinese state has been associated with this type of activity. You’ve invested loads of money in high-tech research and then all of a sudden you find somebody in China has suspiciously replicated your research in record time without any infrastructure.”
In parallel, Northern Ireland has been building a global method of defence to become a cyber security hub. In a 2023 report, the Centre for Secure Information Technologies (CSIT) at Queen’s found that 124 companies are “actively contributing” to the region’s cyber security ecosystem which has a targeted employment figure of 5,000 jobs by 2030.
Rapid7 operates out of locations across the US, Canada, Europe, Asia-Pacific and Australia, and its Belfast operation leads the way for cyber security. Dr Stuart Millar, principal AI researcher at Rapid7 credits Northern Ireland’s “top class engineers and project managers” as a reason behind the cyber security boom here. CSIT, which received a £18.9m investment in 2023, is a pioneer of hardware security that partners with multi-national.
“You get bubbles and a lot of hype in cyber security, but CSIT and their partners have cleverly avoided all of that and over time built a reputation,” Ciaran says. “They don’t overhype and their output tends to work. CSIT has a justifiable claim to be the best academic institution for cyber security research in the UK and Ireland.”
Rapid7 recently signed a new partnership with CSIT which will investigate threats to cloud services by utilising AI and machine learning techniques. The partnership is geared toward not only bolstering cyber defences, but also preparing a new generation of students for NI’s cyber security ecosystem. “This hub between CSIT and companies like Rapid7 allows us to collaborate on real world cyber security problems, creating solutions that get streamed into services or products,” Stuart said.
“It’s a dovetail of industry’s cutting edge approaches for AI cloud security and academia’s resources.”
Cloud infrastructure can be vulnerable for a business of any size. “IT specialists within a business that look after an on-premises kit might be less familiar with their cloud kit – services like Amazon, Azure, Microsoft or Oracle, for example. They are more open to being compromised. Malicious actors can leverage AI, machine learning or data science, to attack a lot faster and write better phishing emails to trick you into transferring money.”
There have been numerous high profile examples of cyber attacks on the island of Ireland. In 2021, hackers compromised the Health Service Executive in the Republic and extorted them over capture of private data. In 2023, a Royal Mail distribution centre in Mallusk, Antrim, fell victim to a reported Russian ransomware gang.
“This might sound like a Hollywood movie plot, but we have a set of vulnerabilities around critical infrastructure [in Northern Ireland],” Stuart said. “Cyber-security is a lot more than just protecting the contents of your laptop or your bank details. People can try and compromise the physical infrastructure: energy, water, how the bus systems work.”
A spokesperson for the Department of Finance (DoF) said the department “works in collaboration with partners and key stakeholders across the UK to ensure Northern Ireland is cyber resilient” and “provides access to guidance and best practice” on ways to improve cyber-security.
Responsibility for the cyber-security of Critical National Infrastructure, they said, “rests with the respective lead government departments” alongside a network and information systems regulator at DoF. “The Regulator works with delivery operators in the energy, transport, drinking water and health sectors to ensure a high level of security.”
Following two major data leaks, the PSNI claims to have improved its IT systems. Chief superintendent Sam Donaldson told Ulster Business: “A new data board has been established which is leading on the response to the data breach in August 2023 and on our broader approach to information and data management. The board’s priority is to oversee the implementation of all the recommendations which have arisen.”
One common thread links cyber security at critical infrastructure, large corporations and SMEs: cyber threats are increasing. Cyber criminals are now learning how to leverage AI to access cloud services. Dr Stuart Millar describes AI cyber crime as bringing “scale, believability and better camouflage” to cloud threats.
“Take phishing emails, for example. Traditionally you might have received an email from a strange part of the world where the grammar might not have been great. A lot of people would disregard it quite quickly. Generative AI can create compelling, realistic paragraphs and sentences. The chance of you being bamboozled into giving away your bank details is going to be a lot higher. Generative AI allows cyber criminals to launch more attacks at scale. It’s a game changer.”
But AI can also be employed to predict, defend and protect businesses from these types of attacks. “You can train an AI model to learn from data which would take a human months or years to manually look through. It automatically understands the context and encapsulates that inside an AI system,” Stuart said.
Ciaran Martin encouraged businesses to build up their immune systems. “Start with a risk assessment. What’s the most important thing for your organisation? Is it a data set, intellectual property or operational technology? Are there specific reasons why somebody might want to hack you? How are they most likely to get in? Most cyber attacks exploit known vulnerabilities and if your patches are not up to date, you are asking for trouble. Get your network tested: what we call penetration testing.”
Crucially, organisations should plan for the loss of their network. “If you were to lose your system, how would you cope? Do you have a backup? If so is it somewhere the same attacker can find and take out as well? Do you have a way of reverting temporarily to a previous way of working? Businesses small and large have been wiped out by this. Organisations of any size absolutely need a cyber defence plan.”
