ISMS.online News Roundup – 16th April 2020

Welcome

British government uses sensitive data in coronavirus response; Pentagon hasn’t fixed simple vulnerabilities; the UK announces plans for monitoring app; machines protecting themselves is the future of cybersecurity; and much more in this week’s ISMS.online Information and Cybersecurity News Roundup!

UK government using confidential patient data in coronavirus response

This interesting article for the Guardian discusses how technology companies are being used to process large amounts of sensitive data from UK patients as part of the government’s response to the coronavirus outbreak. The article goes on to discuss the privacy consequences of this move and its purpose.

Read the full article here.

The Pentagon Hasn’t Fixed Basic Cybersecurity Blind Spots

A new report from the US Government Accountability Office has highlighted systemic shortcomings in the Pentagon’s efforts to prioritize cybersecurity, even though the DoD has been aware for several years that it has several known vulnerabilities. In this fascinating article for WIRED, Lily Hay Newman explores the findings of the report, including how, despite setting security hygiene goals, the DoD has not completed the cybersecurity training and awareness tasks it set out.

Read the full article here.

Your VPN could be putting working from home at risk

In this excellent article for TechRadar, Anthony Spadafora discusses how, in a newly released report to the NCSC, the US Department of Homeland Security’s CISA warned that cybercriminals and threat groups are now targeting individuals and companies with a variety of ransomware and malware. Spadafora also explores how cybercriminals have begun searching for vulnerabilities in VPN applications and telecommuting tools.

Read the full article here.

Coronavirus: UK confirms plan for its own contact tracing app

The UK has announced plans for an app that would alert users if they have recently been near someone suspected of having coronavirus. In this excellent BBC News report, Leo Kelion explains how the NHS digital innovation department will test a version of the app in the North of England next week, as well as the privacy issues that this brings with it.

Read the full article here.

Podcast: Staying Up to Speed on Your Top Security Priorities with CISO Mark Houpt

In this fantastic episode of Tripwire Podcast, Tim Erlin talks to Mark Houpt about how he works with all sorts of organisations to help them tackle a plethora of evolving laws, standards and security problems across all industries and sectors.

Read the full article here.

BT delays removal of Huawei from EE’s core network by two years

This insightful BBC News article details how Huawei’s presence in the essential sections of EE’s mobile network is expected to continue longer than anticipated, after BT reported that 100% of its core mobile traffic will be on its latest Ericsson-built platform by 2023.

Read the full article here.

Growth in surveillance may be hard to scale back after pandemic, experts say

The coronavirus epidemic has led to billions of people around the world facing increased surveillance, with governments in at least 25 countries using extensive digital monitoring programmes. This informative article for the Guardian discusses the nature of some of these systems and their consequences for the future of data privacy.

Read the full article here.

Ford and Volkswagen smart cars may come with some major security risks

A new report from Which? has found serious security bugs in best-selling connected cars that could allow them to be hacked. In this brilliant TechRadar post, Anthony Spadafora discusses the results of this study as well as how the organisation worked closely with cybersecurity experts to investigate the computer systems that control the connected features of two of the most popular cars.

Read the full article here.

How we will regulate during coronavirus

The Information Commissioner’s Office has released a statement detailing what you can expect from the ICO in the coming months following the release of a document setting out their approach to regulatory compliance during the coronavirus pandemic.

Read the full article here.

Why Compliance is for Guidance, Not a Security Strategy

In this superb article for InformationWeek, Jason Fruge discusses why regulatory compliance with information security is just the beginning of protecting your networks, and why thinking that compliance is the same as being secure is the greatest mistake CISOs can make.

Read the full article here.

From the Horse’s Mouth: Cybersecurity Pros’ Favorite InfoSec Quotes

In this brilliant article for Security Boulevard, Ruchika Mishra lists some of the favourite quotes from a Twitter thread of information security professionals, with both critical and funny examples.

Read the full article here.

Windows 10 critical flaws revealed in April security update: What to do now

Microsoft released its April Security Release Notes on Tuesday that revealed fixes for more than 100 vulnerabilities, including three that have been actively exploited for zero-day attacks. In this insightful article for LaptopMag, Phillip Tracy focuses on what these vulnerabilities are and how to protect your Windows PC.

Read the full article here.

Are you looking to improve your organisation’s Business Continuity Management? Having an ISO 22301 compliant BCMS demonstrates to stakeholders that your business continuity capability is appropriate to the scale and scope of your organisation. Business continuity is also an integral part of an Information Security Management System, particularly if you are already working to achieve ISO 27001 certification.

Pull together all your ISO 22301 and BCMS work in one place with ISMS.online’s pre-populated ISO 22301 add-on and range of Business Continuity Management tools. It couldn’t be easier to combine the work you already have done for your ISO 27001 certification project and expand on it, as well as making it possible to do a stand-alone BCMS. 

Cybersecurity Prep for the 2020s

In this excellent article for DarkReading, Dave Meltzer discusses how to run a security programme built around attack-surface reduction, particularly when many organisations are still lacking in the basics of cybersecurity.

Read the full article here.

Machines Protecting Themselves Is The Future Of Cybersecurity

In this marvellous article for Forbes, Louis Columbus discusses how current approaches to protecting IT infrastructure are proving inefficient as social engineering and infringement attempts succeed in diverting human responses to cyber threats, emphasising the need for machines to defend themselves.

Read the full article here.

Cybersecurity Awareness Training Goes Virtual

Cybersecurity awareness training can be a challenge for most businesses, but now, with the additional constraints of COVID-19, the problem is growing exponentially. In this riveting article for BankInfoSecurity, Tom Field interviews training expert Christine Izuakor on how to turn the e-learning challenge into an opportunity.

Read the full article here.

Best Practices: Remote Working Cybersecurity Safeguards For The Payments Industry

In this fantastic article for JDSupra, Caroline Morgan discusses the best practices provided by the PCI Security Standards Council to secure and protect telephone-based payment card data while working remotely. This comes as COVID-19 has forced workers to operate from home, posing cybersecurity challenges to payment industry companies.

Read the full article here.

Over 500,000 Zoom accounts sold on hacker forums, the dark web

In this excellent article for BleepingComputer, Lawrence Abrams describes how over 500,000 Zoom accounts have been sold cheaply on the dark web and hacker forums, in some cases given away free of charge, so that hackers can use them in Zoom-bombing pranks and other malicious activities.

Read the full article here.

COVID-19 Has United Cybersecurity Experts, But Will That Unity Survive the Pandemic?

Coronavirus has inspired thousands of cybersecurity professionals to volunteer their expertise to launch joint projects aimed at stopping cybercriminals who try to exploit the crisis for financial gain. In this spectacular article on the Krebs on Security blog, Brian Krebs investigates whether this unparalleled degree of cooperation will survive the pandemic.

Read the full article here.

Huge Jump In Number Of Leaked Government Records

In this outstanding post for Forbes, Emma Woollacott discusses how, according to new reports, more than 17 million government and political records have been leaked, a 278 per cent rise compared to the previous year.

Read the full article here.

Cybersecurity in a remote workplace: A joint effort

As many companies now find themselves with fully remote workforces, Gerald Beuchelt discusses how companies can improve their cybersecurity and prevent staff from falling victim to hackers, in this fantastic HelpNetSecurity post.

Read the full article here.
