IT Security Updates Issue 3

The ICO has fined the UK Government’s historic sexual abuse inquiry after a “very distressing” data breach, Cisco promotes a new way of tackling cryptomining attacks, the UK Government is to launch a consultation on reshaping the UK cyber security sector to make it fit for purpose, and more…

ICO fines Child Sexual Abuse Inquiry £200,000 for mass email ‘error’

The Information Commissioner’s Office has fined the Independent Inquiry into Child Sexual Abuse (IICSA) after the inquiry sent a bulk email that identified victims. The inquiry was set up in the wake of the Jimmy Savile scandal to investigate the extent of institutional child sexual abuse. The ICO fined it £200,000 over an email sent to 90 participants: after spotting an error in the original text, the inquiry re-sent a corrected version with the recipients in the “To” field rather than “BCC”, so nearly a hundred email addresses were visible to everyone who received the message.

The ICO stated:

“This incident placed vulnerable people at risk, which is concerning. IICSA should and could have done more to ensure this did not happen. People’s email addresses can be searched via social networks and search engines, so the risk that they could be identified was significant.”
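As an added illustration of the control that would have caught this mistake (not code from the page, the ICO or the inquiry), here is a Python pre-send gate that refuses a bulk draft whose recipients are exposed in To/Cc and rewrites it so they go out via Bcc. The threshold, sender address and the 90 participant addresses are constructed for the example.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy threshold: more visible recipients than this means the draft
# is a bulk mailing and must go out via Bcc. Not a value from the ICO case.
MAX_VISIBLE = 5


def visible_recipients(msg):
    """Addresses that every reader of the message can see (To and Cc)."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr for _, addr in getaddresses(headers) if addr]


def check_draft(msg):
    """Pre-send gate: return a list of problems, empty if the draft may be sent."""
    visible = visible_recipients(msg)
    problems = []
    if len(visible) > MAX_VISIBLE:
        problems.append(
            f"{len(visible)} addresses exposed in To/Cc; bulk mail must use Bcc"
        )
    return problems


def rewrite_as_bcc(msg, sender):
    """Move every visible recipient to Bcc; To then shows only the sender.

    Each participant still receives the mail but sees no other address.
    """
    recipients = visible_recipients(msg)
    for header in ("To", "Cc", "Bcc"):
        del msg[header]
    msg["To"] = sender
    msg["Bcc"] = ", ".join(recipients)
    return msg


def build_demo_draft(count=90):
    """Constructed draft reproducing the mistake: a corrected notice re-sent
    with all participants listed in the To field."""
    msg = EmailMessage()
    msg["From"] = "inquiry@example.org"  # placeholder sender address
    msg["Subject"] = "Corrected notice"
    msg["To"] = ", ".join(f"participant{i}@example.net" for i in range(count))
    msg.set_content("Please find the corrected text attached.")
    return msg


if __name__ == "__main__":
    draft = build_demo_draft()
    print(check_draft(draft))
    fixed = rewrite_as_bcc(draft, "inquiry@example.org")
    print(check_draft(fixed), visible_recipients(fixed))
```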

UK Government to launch major consultation to help boost UK cyber security standards

The Department for Culture, Media and Sport has unveiled a new consultation aimed at implementing the National Cyber Security Strategy by developing the cyber security profession in the UK. The ever-growing threat of cyber crime has focussed the Government’s attention on the woeful unpreparedness of the UK cyber security sector, and in particular on the availability of cyber security talent in the UK.

The consultation’s objectives are clear:

“Developing the cyber security profession, including through achieving Royal Chartered status by 2020, reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.”

Cisco launches protection against malicious crypto mining

Cisco, the major IT networking giant, has launched Talos, an innovative technology that can help stop malicious attacks and the theft of computing power that comes with blockchain crypto mining. Cisco believes the volatility of cryptocurrency values has given hackers the motive for illegal crypto mining.

Cisco’s own research has found that the threat is spreading across the web, with diverse channels being used to gain access to computing power and storage, from web browsers and email to chat applications. The threat to business is gigantic, and Cisco’s intervention could help businesses change the way they manage their IT infrastructure in the wake of this new threat.

Cisco noted:

“Talos is leveraging our superior visibility and the unique position and capabilities of Cisco’s security solutions to identify, prevent, and remediate cryptomining infections in our customers’ environments. See the threat once, block it everywhere.”

The Cisco Talos partnership will give businesses a new form of protection against an ever-growing malicious form of cryptomining.

UK CEOs think cyber attacks are “inevitable”

Business services giant KPMG surveyed UK CEOs about cyber attacks and cyber crime more generally. The findings illustrate a shift in attitude towards cyber crime within the C-suite: CEOs now see a cyber attack as a question of “when”, not “if”.

Four in 10 CEOs believe a cyber attack on their business will occur, and defensive measures are becoming a central part of the boardroom narrative as companies seek to protect themselves from harmful intrusions.

KPMG noted:

“The seeming inevitability of a cyber-attack crosses all borders and has now crossed firmly over the threshold for board-level discussions. Protecting the business from a cyber-attack has jumped further up the boardroom agenda and we are seeing businesses making their defences the best that they can be.”

However, behind the pessimistic outlook there is also a more confident note: 39% of businesses believe their organisations are ‘very well’ prepared to counter a cyber intrusion. The more mature understanding developing among business leaders is also backed up by a more determined IT strategy from IT managers.

British Airways breaching GDPR through Twitter

The flag-carrying airline giant British Airways found itself in a spot of bother this week when its social media team asked for personal data to be relayed publicly via Twitter. The BA social media team asked customers for personal information, saying this was needed to comply with GDPR.

This unorthodox “interpretation” of GDPR has been identified by GDPR professionals as wilfully wrong and a distraction from the real issue facing BA and others: the problematic roll-out of GDPR compliance within their businesses.

There are several example tweets (with several more deleted in recent days) in which real customers provide addresses and passport numbers via Twitter. Twitter, as a public forum, was not BA’s best choice of discussion platform, and the argument that this was necessary for GDPR is idiotic.

Opinion: Forbes argues for GDPR to become a global standard

The roll-out of GDPR has affected businesses worldwide. Forbes argues that it could become the gold standard for global businesses looking to improve data protection. Its case is that data protection standards are needed and that, given the disparity in protection between territories, using GDPR as a baseline could promote sound data protection standards worldwide.

That diverse actors, from Cher’s fan club to Rolling Stone magazine, are sending GDPR updates to non-EU audiences highlights the global reach of GDPR. So with American and Asian businesses focussing on GDPR, could standardising globally around it help create confidence in business data protection values and standards?

Until next time …