Ordnance Survey Hack – Expert Reaction

In light of the news that a hacker stole the personal data of 1,000 employees of the Ordnance Survey, cybersecurity experts offered the following comments:

Expert Comments

February 25, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
This latest breach highlights the significance of building and maturing Enterprise Information Security with equal focus on security culture in the organization, security processes applied to business processes and the technical security controls built into technology systems and applications. I also urge CISOs and Security Professionals not to forget that "Access Control" remains to be the fundamental security control for protecting data, information and underlying technologies. Applying an access control model via two-factor authentication, least privilege or need to know authorization and accountability with assurance via monitoring or alerting will ensure you continue to reduce risk of a data breach via cybersecurity threats such as phishing.
February 25, 2020
Ashley Hurst
Partner and International Head
Osborne Clarke
Despite all the routine tests that are now carried out and all the awareness campaigns about the risks of phishing, employees are still falling for these attacks. Gone are the days where the phishing emails are riddled with typos and made from random email addresses. They are becoming increasingly difficult to spot, especially on mobile. Links can be hidden, causing employees to click on them. A golden rule is never to type in a username or password at the request of an email unless you are 100% sure that the request is legitimate. Well-known brands simply don't make these requests by email.