The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack.
The Information Commissioner’s Office (ICO) said that the construction company failed to process personal data in an appropriately secure way, making their systems vulnerable to a cyber attack.
The cyber attack incident took place in spring 2020 when a staff member forwarded a phishing email to another employee, who opened it and downloaded its content, resulting in malware being installed on that employee’s machine.
Neither employee had received any data protection training, despite internal security policies and the industry standard ISO27001 requiring that all employees receive regular awareness training on the subject.
Interserve’s systems not only failed to block the phishing email, but the company’s subsequent actions also put its IT infrastructure at further risk.
The company’s anti-virus system quarantined the malware and sent an alert, but Interserve failed to thoroughly investigate the suspicious activity, meaning the attacker still had access to the company’s systems without Interserve's knowledge.
The report also demonstrated that the majority of Interserve’s servers were running on an outdated McAfee anti-virus protection product.
The incident affected the personal data of up to 113,000 Interserve employees, including sensitive information such as bank account details, salary, emergency contacts, sexual orientation and details of disabilities.
John Edwards, UK Information Commissioner, said: “The biggest cyber risk businesses face is not from hackers outside of their company, but from complacency within their company. If your business doesn't regularly monitor for suspicious activity in its systems and fails to act on warnings, or doesn't update software and fails to provide training to staff, you can expect a similar fine from my office.
“Leaving the door open to cyber attackers is never acceptable, especially when dealing with people’s most sensitive information. This data breach had the potential to cause real harm to Interserve’s staff, as it left them vulnerable to the possibility of identity theft and financial fraud.”
Picture: a photograph of a computer keyboard with a padlock placed on top. Bank cards can also be seen. Image Credit: Unsplash
Article written by Ella Tansley | Published 24 October 2022