ISMS.online News Roundup – 27th February 2020

Welcome

5G and business risk; NCSC updates their malware and ransomware advice; UK Government loses thousands of mobiles and laptops a year; highlights from the RSA Conference; and more in this week’s edition of ISMS.online’s Information and Cyber Security News Roundup!

Thousands of mobiles and laptops lost by UK government in a year

This brilliant BBC article reveals how, following a Freedom of Information request, UK government staff have reported their mobile devices as either lost or stolen at least 2004 times in the last 12 months. The Ministry of Defence reported the most missing devices, followed by the HMRC tax authority.

This information highlights just how important the protection of information is as, while the vast majority of devices have been encrypted, almost 200 may not have been.

Read the full article here.

Updating our malware & ransomware guidance

The NCSC has recently updated its malware guidance to extend to ransomware, as well as changing the framework's title to include the additional form of malware. They also took the opportunity to withdraw their standalone ransomware guidance. In this fantastic blog post, the NCSC’s Head of Guidance explains what has changed and why.

Read the full article here.

5G in the UK: What is the risk for businesses?

The roll-out of 5G around the UK is underway, giving download speeds up to 10 times faster than 4G, but the introduction of faster connectivity will also provide cybercriminals with an opportunity to target more devices and launch more widespread cyber attacks. This brilliant article by Carl Wearn, for ITProPortal, discusses how organisations need to start implementing cybersecurity strategies that will support the mitigation of these risks.

Read the full article here.

The Pervasive Threat of Business Email Compromise Fraud – and How to Prevent It

This brilliant article for JD Supra discusses how the FBI has revealed BEC fraud is the biggest financial threat to companies in the US and how reducing the possibility of BEC attacks requires all parties involved in a financial transaction to pay close attention to email security, financial controls and communication protocols.

Read the full article here.

The great data trade-off: Why consumers will still share details – but only for a true value exchange

Data breaches and privacy controversies never seem to leave the media, and understandably so, as we are increasingly worried about who our information is being exchanged with and why. In this brilliant article for Marketing Tech News, Isabel Evans explores how data ownership has become a significant concern and how people are taking measures to control their digital footprints, as well as the impact it has on data sharing.

Read the full article here.

US Defence agency reports data breach

In this outstanding article for TechRadarPro, Jitendra Soni discusses how the US Defence Information Systems Agency (DISA) was hit with a huge data breach that had penetrated the entire network. The breach is suspected to have taken place between May and July last year, revealing the personal data of more than 200,000 individuals, including information like names and social security numbers.

Read the full article here.

The California Genetic Information Privacy Act: How This Proposed Legislation Fits in the California Privacy Regulation Framework

Earlier this month, the California Senate discussed the Genetic Information Privacy Act (GIPA), which is intended to prevent the transfer of genetic information to third parties without the consent of the person. The legislation further notes that the CCPA also governs the collection of biometric information, but in comparison to the broad scope of the CCPA, the GIPA will refer only to genetic information. Justin Yedor explores the details of the bill in this brilliant article for JD Supra.

Read the full article here.

Final Draft of NIST Privacy Framework Released

In this wonderful report on the National Law Review, Julia K. Kadish discusses how NIST recently released the final version of its Privacy Framework, integrating public feedback in reaction to the preliminary version it provided late last year. The Privacy Framework follows a similar structure to the NIST Cyber Security Framework, as the two are designed to be used in conjunction, and it likewise uses a risk-based approach to the protection of privacy information.

Read the full article here.

Redcar council IT hack confirmed as ransomware attack

This interesting BBC news article details how Redcar and Cleveland Council revealed that their IT infrastructure had been compromised on 8 February by hackers, who corrupted data and made a demand for money, so the systems have been down for almost three weeks. The Council has been coordinating with the NCSC and the National Crime Agency.

Read the full article here.

Smashing Security #167: Coronavirus scams and an exaggerated lion

In this superb episode of Graham Cluley’s Smashing Security Podcast, Carole Theriault and Anna Brading join him in addressing some of the biggest issues, including how scammers from Africa are targeting US companies, how the Coronavirus pandemic is causing scams to escalate, and the questions being raised around facial recognition.

Read the full article here.

Why Data Security Jobs are Growing in Popularity

In this brilliant article for Security Boulevard, Jordan MacAvoy discusses how, as data breaches become even more common and more severe, the need for companies to employ data security experts has grown, and there are plenty of openings for cybersecurity practitioners due to the increasing number of cyber threats.

Read the full article here.

Cybersecurity for Food and Beverage Operational Technology (OT) Environments

Much of the attention in cybersecurity is focused on IT and office systems, but more attention is being given to operating systems for critical infrastructure, and food and beverage manufacturing is among the most easily overlooked, yet most serious, of these. In this fascinating article for Food Safety Tech, Craig Reeds examines how the consequences of a cyber attack on a food and beverage company may not just result in blackouts but could give rise to explosions or contaminated food.

Read the full article here.

Reasons Why Cybersecurity No More Concerns Only BFSI Companies Now, All Are At Risk

Akshat Kumar Jain explores how, following a recent report that more than 313,000 cybersecurity incidents have been reported this year alone, Indian organisations have raised questions about cyber threats to their business operations and critical assets as one in three companies has been facing massive financial losses due to security breaches, in this brilliant article for Inc42.

Read the full article here.

‘Trust nothing’: As breaches mount, a radical approach to cybersecurity gains favor

In this brilliant article for SiliconANGLE, Paul Gillin discusses how, after the annual RSA conference held this week in San Francisco, zero trust is undoubtedly the big topic in corporate security right now, as the question is again on the agenda. He goes on to explain what zero trust is and how effective it is.

Read the full article here.

RSAC highlights: Krebs, Huawei, Congress, moonshot

In this great article for Politico, Tim Starks describes the highlights of the third day of the RSA Conference and addresses the most significant topics at the conference, including industrial control systems and hacking, anxieties around 5G and Huawei, and everything else you may have missed from the conference.

Read the full article here.

Time for cybersecurity to take back control of its story

Amid this week’s RSA Conference, Ian Murphy discusses how cybersecurity discourse needs to change from one of doom and gloom set by the media. In this fantastic article for the Enterprise Times, he goes on to discuss whether this can be achieved as well as whether it is time to stop relying on a mere technological approach.

Read the full article here.

Cybersecurity expert: All construction data ‘is an asset and should be protected’

In this brilliant article for Construction Dive, Jenn Goodman explains how a recent ransomware attack on a Canadian contractor has illustrated the need for cybersecurity solutions in the construction sector. She continues to discuss why cybersecurity is so important to construction companies and the top three measures business executives can take to protect themselves.

Read the full article here.

#RSAC: How Medical Device Cybersecurity Could Improve

Medical devices and hospitals have been under rising threats from multiple threat actors in recent years. Sean Michael Kerner discusses how the safety aspects of medical devices were discussed at the RSA Conference in San Francisco, along with how it could be poised to change in the years ahead, in this brilliant article for Infosecurity Magazine.

Read the full article here.
