Following the news that the operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, IT security experts from Positive Technologies, AlienVault and Avast commented below.
“The UK.gov’s Cyber Essentials scheme suffered a breach that allowed an attacker to access the contact details of companies within the scheme. Whilst this information is low value, this recent incident raises some important questions around the use of third-party applications and how best to secure them. If you left the key to your front door with a neighbour, how would you know that your house was secure? Any application which connects to the Internet is vulnerable to attack. Therefore, it’s important to provide continuous protection to applications from development through to production.”
Javvad Malik, Security Advocate at AlienVault:
“The incident illustrates that even the most security savvy organisations can make errors that can leave them exposed. Therefore it is essential to have robust threat detection capabilities in place that can monitor and alert where unauthorised access is being attempted so that the appropriate response may be taken. Having ongoing detection in place across both the network and critical hosts allows enterprises to have the assurance that systems are working as intended under the control of authorised persons.”
“Given the nature of the Cyber Essentials scheme, this breach will no doubt be very embarrassing and potentially damaging to the reputation of Pervade Software which provides the platform for the service. However, it reinforces a valuable message – the cyber threat landscape is diverse and constantly evolving, and everyone, no matter how safe they might feel, needs to take steps to remain vigilant and adhere to cyber security best practices.
Those companies who registered on the scheme and could be affected may now be more open to phishing attacks, which with the increasing use of social engineering techniques have become far more believable. Businesses should ensure that their employees change their email passwords immediately, and advise them to be vigilant about clicking on any links within unexpected or odd emails, even if they believe them to be from trustworthy sources. Companies should also ensure all software applications are up to date, including their antivirus solution.”