In light of the news that a hacker stole the personal data of 1,000 employees of the Ordnance Survey, cybersecurity experts offered the following comments:
Scoop: A hacker stole the personal data of 1,000 employees of the Ordnance Survey, the government-owned mapping agency for Britain. Was "most likely" the result of a targeted #phishing attack. https://t.co/HiHKihOxyS
— Rob Scammell (@RobertScammell) February 24, 2020
Despite all the routine tests that are now carried out and all the awareness campaigns about the risks of phishing, employees are still falling for these attacks. Gone are the days where the phishing emails are riddled with typos and made from random email addresses. They are becoming increasingly difficult to spot, especially on mobile. Links can be hidden, causing employees to click on them. A golden rule is never to type in a username or password at the request of an email unless you are 100% sure that the request is legitimate. Well-known brands simply don’t make these requests by email.
This latest breach highlights the significance of building and maturing Enterprise Information Security with equal focus on security culture in the organization, security processes applied to business processes and the technical security controls built into technology systems and applications.
I also urge CISOs and Security Professionals not to forget that “Access Control” remains to be the fundamental security control for protecting data, information and underlying technologies. Applying an access control model via two-factor authentication, least privilege or need to know authorization and accountability with assurance via monitoring or alerting will ensure you continue to reduce risk of a data breach via cybersecurity threats such as phishing.