A security researcher has suggested that the lack of encryption at Irish companies could be contributing to the lack-of-security situation.
The report from cybersecurity firm Vulnerability Intelligence, which analysed the security of nearly 2.5 million accounts in the Irish market, revealed that only 12% of the companies in the study had either a password-protecting system or a strong password protection system.
Vulnerability Intelligence found that while a large proportion of companies had encryption on their accounts, many of those companies still lacked password protection and some also had poor password security, and only half of the firms had a strong encryption.
Vulnerable companies were more likely to be in Ireland, the report found.
A spokeswoman for Irish Computer Emergency Response Agency (ICREA) told The Irish Independent that it has taken steps to improve password protection, but this was not enough.
“The majority of organisations are secure with a password and strong password security but we need to look at more of the issues with the encryption and how that affects people’s data, we need better systems and we need a robust, comprehensive, open, and safe online presence,” she said.
“There’s no doubt there’s more we need and we will be updating the security policies as and when we’re ready.”
Vulnerability intelligence has been published in the past.
Last year, it identified the UK’s National Audit Office as one of the top 10 most vulnerable organisations, after it received a cyberattack in 2013.
In 2014, it warned that Irish IT firms are under pressure to make security their top priority, adding that Irish companies had a “low risk” of being hacked.
This year, Irish IT company EMC warned of the need to secure its systems.
The Irish Computer Security Information Centre (ICSCI) said that a recent report published by the Royal Irish Academy of Engineering suggested that encryption could be a significant factor in the failure of Irish companies to secure their networks.