Following the news that the operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, IT security experts from Positive Technologies, AlienVault and Avast commented below.
Leigh-Anne Galloway, Cyber Security Resilience Lead at Positive Technologies:
“The UK. gov’s Cyber Essentials scheme suffered a breach that allowed an attacker to access the contact details of companies within the scheme. Whilst this information is low value, this recent incident raises some important questions around the use of third party applications and how best to secure them. If you left the key to your front door with a neighbour how would you know that your house was secure? Any application, which connects, to the Internet is vulnerable to attack. Therefore, it’s important to provide continuous protection to applications from development through to production.”
Following the news that the operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, IT security experts commented below.
Javvad Malik, Security Advocate at AlienVault:
“The incident illustrates that even the most security savvy organisations can make errors that can leave them exposed. Therefore it is essential to have robust threat detection capabilities in place that can monitor and alert where unauthorised access is being attempted so that the appropriate response may be taken. Having ongoing detection in place across both the network and critical hosts allows enterprises to have the assurance that systems are working as intended under the control of authorised persons.”
Pete Turner, Consumer Security Expert at Avast:
“Given the nature of the Cyber Essentials scheme, this breach will no doubt be very embarrassing and potentially damaging to the reputation of Pervade Software which provides the platform for the service. However, it reinforces a valuable message – the cyber threat landscape is diverse and constantly evolving, and everyone, no matter how safe they might feel, needs to take steps to remain vigilant and adhere to cyber security best practices.
Those companies who registered on the scheme and could be affected may now be more open to phishing attacks, which with the increasing use of social engineering techniques have become far more believable. Businesses should ensure that their employees change their email passwords immediately, and advise them to be vigilant about clicking on any links within unexpected or odd emails, even if they believe them to be from trustworthy sources. Companies should also ensure all software applications are up to date, including their antivirus solution.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.