14 September 2018

IRM Weekly Cybersecurity Roundup: British Airways mega-breach and more

Each week, IRM gathers up what we think are the most interesting and important reads from the cybersecurity industry. The weekly roundup will include good and bad examples of cybersecurity practice and thought pieces from across the globe – all summarised in one handy place for your regular news top-up.

Plymouth becomes UK’s first university to receive MCA cybersecurity accreditation
The University of Plymouth has just received accreditation by the Government’s Maritime and Coastguard Agency (MCA) to deliver the ‘Cyber Security Awareness’ course. Not only is Plymouth the first University in the country to receive this accreditation, they are one of just a handful of organisations in the UK who have the accolade.

Recognising the growing interest in cybersecurity’s impact on the maritime industry, the University now offers the training course to students at the Business School, as well as external maritime industry professionals.

You can read the full article here.

British Airways hit by £500m lawsuit after recent ‘mega-breach’
Last week, we heard the unexpected news that British Airways (BA) had experienced a data breach. This week, a law firm is seeking £500m for victims in a group-action lawsuit based on rights associated with the EU GDPR.

BA has offered compensation to the 380,000 customers who were affected by the airline’s breach last week. Despite this, a group-action suit led by SPG Law contends that the customers deserve more compensation for the “inconvenience, distress and annoyance associated with the data leak”.

Whilst many have claimed that the initiative has been set up by SPG Law as an “ambulance chaser”, seeking profit from the cybersecurity breach, the law firm have downplayed their intentions to gain huge profits through the fees charged to victims.

You can read the full article here. 

Capital One under fire for discouragement of password managers
Whilst many of us now use password manager applications to help maintain secure passwords, Capital One has come under fire this week for discouraging their use.

The bank has been criticised for using policies on its website which prevent users from copying passcodes from their password managers. These policies mean that banking users are unable to use their password managers in conjunction with the website. In turn, this can have a negative effect on the security of customers, as it discourages them from using long, complex and unique passcodes. However, Capital One isn’t the only organisation blocking ‘copying and pasting’ from password managers; others, such as Bank of Scotland and Nationwide, do the same.

You can read the full article here.

NCSC’s Chief Executive calls on UK businesses to upgrade cyber security
The Chief Executive of the UK’s National Cyber Security Centre (NCSC), Ciaran Martin, has urged UK business leaders to upgrade their cyber security. This is a response to the continued threat posed by states like Russia, Iran and North Korea.

Martin warns that, whilst Russia have the capability, they aren’t focused on large-scale theft of money. Instead, businesses should be wary of criminal syndicates who are targeting businesses and can create huge damage within organisations.

Specifically, Martin suggests that board members need to step up their level of technical expertise. This is after a 2017 Government report showed that more than two-thirds of FTSE 250 company boards had no training on how to deal with a cyber-attack.

You can read the full article here.

Stena Line ferry firm hacked in phishing attack
It was announced this week that personal details and bank accounts of over 800 ferry workers at Stena Line had been hacked. This was after hackers had broken into the Scandinavian ferry company’s systems via fraudulent phishing emails. Stena stated that the data breach had only affected employee data as opposed to customer information.

Stena told The Sunday Times: “We are taking steps, with advice from cybersecurity experts, to enhance our systems and processes in a way that will further protect employees’ data as well as that of our customers and counterparts, in order to minimise the risk of similar incidents happening”.

Although Stena has reported the incident to the ICO and risks being fined, it’s interesting to note that they have not defined any commitment to focusing on improving staff training. This hacking incident was only enabled because an employee within the organisation unknowingly clicked on a fraudulent URL. Whilst Stena are planning on reviewing and improving their security processes, IRM believe it’s just as important (if not more important) that they put time and resource into improving staff awareness around phishing emails to avoid a repeated incident in the future.

You can read the full article here.

IRM are currently working with various organisations on raising staff awareness of potential hacking risks, such as phishing emails. If you are concerned about the level of staff awareness on these issues in your organisation, contact us via our website form to discover how we can support you.