Today, the Wellcome Trust reported details of two phishing attacks that targeted members of senior management and allowed potential fraudsters to gain access to sensitive information. While the charity has confirmed that there have been no financial losses, the police investigation will continue. The breach was disclosed on the charity’s website in September but was not reported then.
Expert Comments below:
James Hadley, CEO at Immersive Labs:
“The most alarming aspect of this breach is that it was members of the Wellcome Trust’s senior management team that were targeted and duped. At a time when cyber attacks against organisations of all sizes and sectors are practically non-stop, it is rather surprising to find that the necessary diligence, resilience and awareness of organisational weaknesses are still not being prioritised at an executive level.
“Organisations like the Wellcome Trust must place cyber resilience as a top priority going forward, rather than reacting to attacks months after they’ve hit. But what’s also clear from this breach is that, at the heart of the issue, this is a fundamental skills and people problem. The Wellcome Trust have taken exactly the right steps to prevent this sort of by training up members of staff most likely to be exposed to such threats, but efforts cannot simply stop there.
“Cyber criminals are constantly developing new approaches, meaning the threats they pose are unrelenting. So too must businesses continuously upskill their cyber and IT teams, and ensure those at the front lines are kept adequately trained to respond to real-time scenarios that keep them off the back foot.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.