BACKGROUND:
A leaked spreadsheet circulating around WhatsApp has exposed the personal details of more than one thousand UK Special Forces soldiers, which are meant to remain secret.
The Register, which has seen the leaked spreadsheet, says it contains details of 1,182 British soldiers who were recently promoted from corporal to sergeant. Some included soldiers posted in sensitive units, such as the Special Reconnaissance Regiment, Special Boat Service and Special Air Service.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Today it happened with UK Special forces, but it could happen with any organization that doesn\’t have enough safeguards at place to protect internal and confidential information. The world is talking about privacy, Apple is promoting \"Stop Apps from Tracking You\", there is no better time to enhance to security of your employee and customer information. </p> <p>Leaked information can lead to various issues, starting from spamming, phishing and smishing. The impact could be lethal when information includes soldier information and what mission they are working on. It is putting the soldiers, their family, the mission and the countries at risk.</p> <p>Not much information is available on how the data was leaked, but I can\’t imagine if it were due to lack of a message classification system that many technology vendors provide as a very useful tool for classifying the files. With that system, it is possible to classify each file that is created as Confidential, Internal, Public, Restricted etc. So when an attempt is made to send a file with higher classification to an external email recipient, the system alerts you and stops you from sending it. It is a must have for every organization to protect sensitive information. I am however suspecting involvement of APTs (Advanced Persistent Threats) in this case.</p> <p>This is not the first time however that defense data has been leaked. Clearly more needs to be done for people who put their lives at danger to that we can spend peaceful lives.</p>
<p>Once again, employees accidentally leaking crucial documents has resulted in a major security incident for the Ministry of Defence. Many organisations think about protecting their networks and devices, but don’t always consider how best to protect sensitive data from people\’s mistakes. That\’s why, today, the majority of data breaches are due to human error.</p> <p> </p> <p>Security awareness training plays an extremely important role in improving people\’s security behaviours, and reminding them about safe data practice. However, it needs to delivered more frequently than just a compulsory, one-off session, and it needs context, for the information to stick. With people being in control of more data than ever before, companies must ensure their security strategies have people at the heart, investing time and resources into helping employees think twice before making a mistake that turns into a breach.</p>