Security Newsletter

In the latest news from the sector, Gartner identifies a big increase in biometric tech spending but warns companies that there are risks involved. You possibly missed Safer Internet Day 2019, but you should take a minute to learn more about the event. Mumsnet was hit by a major data breach, and the BBC asks if Jeff Bezos was the biggest threat to his own cyber security …

Gartner predicts massive increase in Biometric spending to curb Cyber Security threats by 2022

Gartner, the global IT research giant, has published research that indicates a gradual shift in cyber security awareness – one that sees a changing pattern of behaviour by IT leadership towards biometric technologies.

Gartner argues:

“Security and risk management leaders responsible for identity and access management (IAM) and fraud prevention continue to seek approaches for identity corroboration that balance trust and accountability against the total cost of ownership and UX/CX,” said Ant Allan, research vice president at Gartner. “Biometric authentication uses biological or behavioural traits unique to each person and offers better UX/CX and accountability than other common methods. Implementing this via smartphone apps provides more consistency in UX/CX and is technically simpler than supporting it directly on a variety of different endpoint devices.”

However, Gartner has stated that companies need to be aware of the implications of biometric technologies, and that a good cyber security culture is still necessary within any organisation looking for a fully organisation-centric approach to cyber threat prevention.

How Did You Celebrate #SaferInternetDay 2019?

How did you celebrate 2019’s Safer Internet Day on the 5th of February 2019? Did your organisation make a big deal?
You’re probably thinking, “what’s Safer Internet Day?” Well, you wouldn’t be alone. It was created by the UK Safer Internet Centre, funded by the UK Government, to help provide a safer internet experience by teaching young people good internet safety skills.

To help you teach your kids about responsible and respectful use of web technologies, the UK’s Safer Internet Centre has created educational packs.

There are tailored packs for 3-7-year-olds, 7-11-year-olds, 11-14-year-olds and 14-18-year-olds, along with additional guidance for parents, carers and educators. These guides teach useful internet “life” skills and the right mental skills to help prepare young people for safe internet use.

Was Jeff Bezos The Weak Link In His Own Cyber Security?

The BBC’s Chief Technology Editor, Rory Cellan-Jones, argues that humans are often (but not always) the main weakness within the cyber security landscape. There is an irony here in that Bezos’ Amazon Web Services, which powers Netflix and the wider internet, is an industry leader in web security. Yet what came to light during his divorce and the subsequent affair revelations was that his phone was hacked, and that the biggest influence in this was Jeff Bezos himself.
The lesson, Cellan-Jones argues, is that good cyber security hygiene is about education. More specifically:

“In other words, technology can only go so far. Good cyber-security depends on educating people not to be idiotic. The suggestion that the human factor is the weakest link is probably the biggest single cliché in the cyber-security industry. Security firms may sell all sorts of expensive tools to protect their customers from attacks, but all too often they are rendered useless when someone in the organisation clicks on a dodgy link or forgets to install a vital software update.”

But to highlight the sophistication of cyber criminality, the BBC journalist hired a top cyber security company to find out if they could ‘hack’ him and make him fall foul of a phishing scam. Within 48 hours, whilst at work at the BBC, he clicked on a BBC email from his producer and fell victim: they had used email cloaking to access his producer’s email.

However, the main lesson from this example is the multi-faceted nature of cyber criminality and the lengths, not only technological but psychological, to which businesses need to go in order to create the right culture to help counter cyber crime within their respective businesses.

Mumsnet Hit By Data Breach

Parenting website Mumsnet, the fountain of knowledge that also has a penchant for celebrities and their taste in biscuits, was forced to report itself to the Information Commissioner’s Office after a data protection breach occurred between the 5th and 7th of February 2019.

The breach affected 46 users, out of 8 million accounts, and was specific in how it affected them. Due to an upgrade error on Mumsnet’s system, if two users logged in at the exact same time, both would be able to view each other’s private data.
The founder of Mumsnet, Justine Roberts, stated:

“You’ve every right to expect your Mumsnet account to be secure and private,” wrote Ms Roberts. “We are working urgently to discover exactly how this breach happened and to learn and improve our processes.”

The breach put posting histories, personal messages, account details and email addresses at risk during the period in question. The wider fear, voiced especially on social media, came from parents worried that they could be identified in real life after posting light-hearted or emotionally charged posts on child-related issues.

The ICO will undertake a full investigation and will post a full clarification of the proceedings against Mumsnet in due course.

Australian Parliament Hit By Cyber-Hack Event

The Australian Parliament’s IT system was the victim of a cyber-hack event that looks like a foreign state-sponsored attack on the Australian legislative body. The hack was unsuccessful, as Parliamentary IT specialists stated that no information had been accessed or stolen, but the entire network’s user ID and password systems were reset for all users “as a precaution.”

The Australian Prime Minister, Scott Morrison, stated that there was no evidence that the government, its agencies or departments, or individual MPs had been uniquely targeted. However, cyber security experts outside the government have told Australian media that a foreign state actor was the most plausible culprit behind this attack.

The Australian government has fallen victim to a spate of recent cyber attacks, with China being the most-often cited actor. This is due to the Australian-Chinese relationship in the South Pacific area and the geographical pressures therein. The Government will continue to explore and investigate this threat; however, cyber security professionals believe the culprits may get away scot-free!

Until next time …