ISMS.online News Roundup – 5th March 2020

Welcome

A council could be fined over a stolen laptop; NHS staff to use approved alternative to WhatsApp; SpaceX and Tesla supplier hacked; additional 5G concerns; and much more in this week’s edition of ISMS.online’s Information and Cybersecurity News Roundup!

Are you looking to improve your organisation’s Business Continuity Management? Having an ISO 22301 compliant BCMS demonstrates to stakeholders that your business continuity capability is appropriate to the scale and scope of your organisation. Business continuity is also an integral part of an Information Security Management System, particularly if you are already working to achieve ISO 27001 certification.

Pull together all your ISO 22301 and BCMS work in one place with ISMS.online’s pre-populated ISO 22301 add-on and range of Business Continuity Management tools. It couldn’t be easier to combine the work you already have done for your ISO 27001 certification project and expand on it, as well as making it possible to do a stand-alone BCMS. 

Portsmouth council could be fined after files stolen with laptop

It was reported this week that Portsmouth City Council are in a spot of bother, facing a fine of up to £17m. This has come about after it was reported that a council employee had paperwork and a laptop stolen from his car. BBC News reports.

Read the full article here.

NHS staff told to stop using WhatsApp as free alternative approved

In this terrific article for Pharmaphorum, Richard Staines explains how the UK health authorities have authorized a free Hospital Messaging App to avoid staff exchanging confidential clinical data through consumer apps such as WhatsApp.

Read the full article here.

“Shark Tank” TV star loses almost $400,000 in Business Email Compromise scam

In this fantastic article for Hot For Security, Graham Cluley explains how Barbara Corcoran, one of the business moguls who heads the jury on the investing show “Shark Tank” on US TV, has lost nearly $400,000 to an email fraudster posing as Corcoran’s executive assistant.

Read the full article here.

Phishing – still a problem, despite all the work

In this excellent blog post, Rhys W, part of NCSC’s Private Sector and CNI Team, discusses how the NCSC has created a Webinar outlining current thinking on how best to avoid phishing attacks to help you address some of the concerns around this and start protecting your company effectively.

Read the full article here.

NSA Issues Cloud Security Guidance

Danny Bradbury explains how the US National Security Agency (NSA) revised its Cloud Security Guidelines towards the end of February. In this wonderful article for Infosecurity Magazine, Bradbury discusses what changes have been made, as NSA high-ups have said the update is more advanced than its predecessor.

Read the full article here.

Rail station wi-fi provider exposed traveller data

Network Rail and the service provider C3UK have revealed that the e-mail addresses and travel information of around 10,000 individuals that used free Wi-Fi at UK railway stations have been posted unprotected online. In this thought-provoking report for BBC News, Zoe Kleinman explains how the archive contained 146 million documents, including personal contact information and dates of birth.

Read the full article here.

SpaceX and Tesla documents leaked online by hackers

The American manufacturer Visser Precision, who works with SpaceX and Tesla, is being extorted by cybercriminals. Alexander Martin discusses how the hackers have leaked documents related to these firms and have already published non-disclosure agreements signed by Visser Precision and Elon Musk-led businesses in this brilliant article for Sky News.

Read the full article here.

Millions of websites face ‘insecure’ warnings

Secure access to websites has been put into question this week following an investigation by the Internet Security Research Group (ISRG). The organisation, which issues digital certificates that allow safe access to websites, revealed that three million had to be revoked after a bug was discovered. BBC News explores this story a little more closely.

Read the full article here.

Tesco blocks 620,000 Clubcard accounts after security scare

More than 600,000 Tesco Clubcard owners are about to receive replacement cards, after it was discovered that hackers were trying to access customer accounts. Graham Cluley reports on the actions taken by the supermarket giant and looks at the possible type of attack which was used.

Read the full article here.

Boots halts Advantage Card payments after cyber-attack

Boots also restricted sales with Loyalty Points in stores and online following attempts to break into customer accounts with stolen passwords. This comes just days after a similar issue affected users of Tesco Clubcards. In this excellent BBC News report, David Molloy discusses the reaction to this and how you can avoid becoming a target yourself.

Read the full article here.

Smarter cyber security must underpin Europe’s digital future

Alyn Hockey explores, in this fantastic article for Open Access Government, why more efficient and smarter cybersecurity will underpin Europe’s digital future. This follows a recent announcement by the EU of their new strategy and a series of proposals that set out their approach to data, artificial intelligence and platform regulation for the next five years and onwards.

Read the full article here.

NIST Privacy Framework: How to put this GDPR and CCPA guide to work

The recently released Privacy Framework from the US National Institute of Standards and Technology aims to help organisations fulfil all their privacy requirements as well as supporting compliance with regulations such as GDPR and CCPA. In this excellent article for TechBeacon, Karen Martin discusses what your company needs to know about the NIST Privacy Framework and how to put it to use.

Read the full article here.

Don’t be like Bezos: How to keep your phone from being hacked

Teena Maddox discusses how anyone can be the victim of a Jeff Bezos-like data breach. In this great article for TechRepublic, she discusses how to keep your phone safe by always staying up to date on potential security threats to devices, as well as advice for a person who suspects their phone has been compromised.

Read the full article here.

20 Cybersecurity Statistics Manufacturers Can’t Ignore

In this excellent article for the NIST blog, Jennifer Kurtz discusses 20 of the most relevant and surprising cybersecurity facts that SMBs and suppliers should pay attention to, as they are especially vulnerable to attacks, particularly after the Visser security breach.

Read the full article here.

Reflections of a longtime government IT auditor before he steps down

In this great edition of the Federal Drive podcast, Tom Temin speaks to Greg Wilshusen, who has been overseer of cybersecurity for federal agencies over the last 23 years. As he has decided to retire, he shares his opinion on the ongoing question of the Chief of Information Security at the Government Accountability Office.

Read the full article here.

AI Closes the Skills Gap in Cybersecurity

As companies face the widespread shortage of skilled security and threat management expertise, resulting in an increase in external and internal risks, AI, machine learning and automation are playing a larger role in bridging this skill gap. In this fascinating article for Analytics Insight, Priya Dialani discusses the degree to which machines will help and improve cybersecurity teams and whether this discredits the requirement for human staff.

Read the full article here.

The weak link

During the NJBIZ think-tank, experts gave advice on how to avoid becoming a target of cyberattacks by pointing out that hackers are carrying out attacks on enterprises, stealing money, manipulating private information and eroding trust in customers and firms, and encouraged participants to think critically and recognise an intrusion when one emerges in this article for AMEin.

Read the full article here.

Go Hack Yourself

Robbing banks has become a far more technical affair, with money being more commonly stolen via a computer. A Russian cybercriminal organisation, self-titled Evil Corp, has been responsible for attacking more than 300 banks in more than 40 countries and stealing more than $100m. While threats like this increase, banks are now turning to the recruitment of hackers to help in their prevention of attacks. Craig Colgan for ABA Banking Journal reports on this strategy in this great article.

Read the full article here.

Cybersecurity is now the top focus of upstream oil and gas companies’ digital investments

Companies who go hunting for gas and oil have now turned to prioritising digital security as a means of adding business value and improving the protection of assets. This news has come via a new report by Accenture, which has now been captured in this interesting article by AMEinfo.

Read the full article here.

Decoy Website Used to Fool Hackers into Sharing Tactics

In this fantastic article for Digit, David Paul discusses how researchers at the University of Texas have established a cybersecurity defence strategy to trick hackers and expose their secrets by using the decoy platform to teach artificial intelligence their techniques and processes.

Read the full article here.

Cybersecurity incidents at schools nearly triple in 2019

During 2019, schools in America were subject to 348 cybersecurity incidents, nearly three times as many as the previous year. Mike Kennedy for American School and University Magazine takes a look at the reported incidents, which resulted in the theft of millions of dollars, stolen identities and denial of access to integral systems.

Read the full article here.

Cyber security experts sound the alarm on 5G

In spite of the continued debate over 5G, its readiness and security issues, the technology is sticking around. That being said, discussion continues on the key concerns and things to look for, which is picked up in this piece by Fiona Leake for 5G radar.

Read the full article here.
