Brendan Duncan

Data Breach Leaves PSNI Officers ‘Incredibly Vulnerable’

Officers left ‘shocked and dismayed’ over unprecedented data breach

The Irish News has reported that a major data breach has exposed every serving officer’s personal data online. Almost 10,000 officers and staff members have been affected.

For almost three hours, several types of personal metadata were available for the general public to see. Authorities believe undercover officers could have been exposed, and may be unable to continue their work. More generally, it is feared that the risk of terrorist attacks against serving officers has increased.

The data breach happened after a freedom of information request led to an unfortunate, self-inflicted error. No foul play has been suspected, but the damage is major and widespread.

In all workplaces, the importance of data protection cannot be overstated. We all handle vast amounts of sensitive information on a daily basis. Steps can be taken to safeguard and protect information, but human error remains a significant vulnerability that can lead to data breaches.

Shane Chambers

Ransomware attacks may breach new EU GDPR data protection regulations.

With the introduction of the new EU General Data Protection Regulation (GDPR) this time next year (25 May 2018, to be exact), businesses all over the globe could find themselves in breach of the regulation and facing hefty fines should they fail to prevent a ransomware attack, phishing attack or similar. The message is finally getting out there: something needs to be done about ransomware, and fast.

How could ransomware cause a breach of GDPR?

As noted in this RTE article by @AengusCox, data protection and governance expert @DaraghOBrien, Managing Director of Castlebridge Associates, confirms GDPR is all about accountability. Not only do organisations have to comply with the regulation, they also have to demonstrate compliance through evidential proof (documentation, etc.) of the controls, processes and technology that they have in place to protect the sensitive and personal data they hold on EU citizens (including their staff, customers, vendors and third parties).

Daragh confirms that ransomware could indeed be seen as a breach of GDPR by the data protection commissioner, as ransomware can typically affect both the availability of and access to personal data, and can also affect the recovery of that data. Indeed, some viruses are known to upload personal data to hackers, which is a clear data breach and a major breach of the GDPR.

As the GDPR comes more and more into focus through the year and into next year, security experts predict that hackers and scammers will begin to steal data with advanced ransomware and then blackmail the victims by threatening to report them to the data protection commissioner.

What can be done?

In the RTE video interview, Daragh notes that security awareness training for staff is crucial now. Businesses urgently need to train their staff to recognise and avoid clicking on links in phishing emails.

Many may not realise it yet, but Article 39(1)(b) of the GDPR places a mandatory onus on organisations to undertake security awareness training for staff who deal with sensitive personal data.

Gerry Morley - Director of Cyber Security

Ransomware – WannaCry No More – Train and Phish your staff.

By now, unless you have been under a rock for the last couple of weeks, you will have heard about the worldwide ransomware cyber-attack WannaCry Decrypt0r that began in earnest on Friday 12th May 2017. The new ransomware caused major disruption to the IT systems of 40 National Health System hospitals across the UK (resulting in most non-emergency operations being suspended). It also caused disruption to an additional 200,000 victims, distributed over at least 150 countries (including several banks, Renault, Nissan, FedEx Corp, Telefonica, German Railways and even the Russian Interior Ministry).

How Did This Happen?

Global reports from cyber security experts confirm that this ransomware gets onto a network through an unsuspecting user clicking on a link or attachment in a spam email.

The last few years and countless data breaches have shown that human error (due to a lack of security awareness training) in the face of phishing and social engineering is the number 1 cause of cyber-attacks, ransomware and data breaches worldwide. Unfortunately, many companies, including hospitals, that have not invested in security awareness training and ongoing testing of their staff with simulated fake emails (to keep them savvy to the latest scams) will continue to be the most vulnerable to this and similar future cyber-attacks.

Gerry Morley - Director of Cyber Security

Yahoo! Hackers caught with their hands in your cookie jar.

Yahoo Hackers prove they don’t need your online passwords as they can forge your browser cookies to access your online data.

In December 2016, Yahoo quietly revealed to its users, in the form of a security update, that their accounts may have been compromised as recently as last year, after an ongoing cyber security investigation found evidence that hackers managed to create forged cookies to gain access to Yahoo user accounts.

Gerry Morley - Director of Cyber Security

Covert “Fileless” Virus Evades Banks’ Cyber Defences – Reinforces Need for Robust Disaster Recovery & Cyber Security Procedures

Imagine a cyber threat that can evade bank-level cyber security… leave little trace of infection and bypass most anti-virus software.

Hundreds of companies around the globe, including several major banks and financial institutions, have reportedly been hit by a cyber security attack masquerading as dangerous, covert, memory-based fileless malware. The malware has been detected in at least 40 countries worldwide (including the UK, France and the USA, to name a few).
