This episode talks about the Insider Risk.
After listening to this podcast please visit Action Fraud, National Cyber Security Centre and the West Midlands Cyber Protect Website for more guidance on all things relating to online Security.
Our host is Mathew Hough-Clews and can be found at sp_digitalpcso.
Also covering the West Midlands is Sean Long – WMPDigitalPCSO and covering Warwickshire and West Mercia Police areas is James Squire - cyberpcso.
To attend other events provided by the RCCU please see below.
· Are you prepared for a Cyber Attack?
· Got questions about Cyber Crime?
· Can you spot a phishing Email?
To contact us please email us at email@example.com.
Hi, I'm Matthew Hough-Clewes. I'm a digital Police Community Support Officer for the West Midlands Regional Cyber Crime Unit.
Today's date is Friday the 31st of July 2020. These are your headlines from the cyber Threat Weekly.
As the well used saying goes, people are an organization's biggest asset. However, in some cases, they can also pose the largest risk, the insider has been shown to be the largest risk to an organisation. This usually is due to the level of awareness and failings within a technological infrastructure and not malice. Sadly, a very small proportion of those who pose a risk from the inside are disgruntled, and malicious. Those who fit into this category are usually ex employees, but unfortunately, could be an employed member of staff.
This week, a large well known business in the West Midlands reported a substantial network intrusion incident allegedly carried out by an ex employee COVID-19 has led to an increase in homeworking fraud and the unintentional leak of confidential information.
Four clear challenges have emerged during this period, such as staff, can not be monitored or supported as closely whilst at home, making the risk of an accidental threat greater.
Information security teams may be focusing on other challenges.
Increase in opportunitist actors, hackers often take advantage of time of crisis and increased anxiety across the population
And employee morale, employees may feel more detached from the workplace, as they are not physically present in the office.
As organisations implementing increasingly sophisticated physical and cyber security measures to protect their assets from external threat, the recruitment of insiders becomes a more attractive option for those attempting to gain access.
The organisational level factors identified relate to, good data management policies including employee screening processes, education awareness of staff, communication between all staff including management regarding risks, access control to those who truly need it, a clear desk policy, limiting use of external devices and USB ports, whilst not forgetting the importance of reviews and auditing.
This is not an exhaustive list, but would be a very good starting point.
Also in the news, Garmin begins recovery from ransomware attack. Owners are have its products have been unable to use it services since Thursday 23rd of July 2020. Garmin went on to say that they had no indication that any customer data including payment information from Garmin Pay, was accessed, lost or stolen and expected all its systems to be returned to normal operation within a few days, but warned that there might be a backlog of user data to process.
Cosmetics giant Avon leaked 19 million records. A misconfigured cloud to the global cosmetics brand Avon was recently discovered leaking 19 million records including personal information and technical logs. The information contain personally identifiable information on customers and potentially, employees including full names, phone numbers, dates of birth, email and home addresses, and GPS coordinates.
If you are a customer of Avon or Garmin, please change your password immediately and monitor your Avon, Garmin and Bank accounts for any suspicious activity.
On a lighter note six firms shortlisted to deliver UK first Cyber Park in Cheltenham. The firm's are vying to take on the task of building Cheltenhams 400 million pounds Cyber Park. The town's Golden Valley development will see the UK firts campus built around cyber technology called Cyber Central and will be constructed with this 3000 home garden community next to GCHQ.
For additional guidance, please visit the National Cyber Security Centre or NCSCs website. Also, please don't hesitate to contact us for support with regards to training, advice and guidance on how to protect and prepare your business online.