Human Error = Data Breaches | Cyber Security Speaks

Katie Packham

Another day, another data breach.

We can now add the Metropolitan Police, Holiday Inn and Fashion Family Game to the list of organisations to have been caught out. It’s the first of that rather incongruous three which is arguably the most interesting.

While not on the scale of the Holiday Inn breach, the case of the Metropolitan Police ‘breach’ is quite strange. Firstly, it’s not so much a breach as the Met Police choosing to give a third-party marketing agency access to highly sensitive address details of 30,000 gun owners in the UK. In doing so, they have put that data – and those gun owners – at unneccessary risk. It goes to show that all the sophisticated firewalls in the world are of little use if you willingly put everything outside them.

In fact, research this week showed that human interaction remains the key to cyber attacks. Researchers at security firm, Rapid7, found that over weekends and public holidays the number of security alerts dipped due to fewer numbers of people interacting with malicious emails, attachments and websites. Carelessness or lack of understanding – much like in the case of the Metropolitan Police above – is putting organisations at risk.

So how do we prevent data breaches? It’s the question driving the $120 billion global cyber security market.

Based on the research from Rapid7, I would advocate a three-day weekend as standard.

However, until that dream becomes a reality, education on cyber security issues will be vital. Vendors of solutions should move away from a product-focused approach to marketing. Cyber security is about more than just solutions; it’s about people too. Show customers how they can protect themselves and they’ll trust you to protect them as well.

News Round-up

ComputerWeekly

Human interaction still key to cyber attacks, study reveals

Research has shown that security alerts dip significantly at weekends and on public holidays, largely due to fewer employees interacting with malicious emails, links and websites.

Ars Technica

Tanium CEO admits using real hospital data in sales demos

A security vendor has been revealed to been using private hospital data for sales calls and publicly posted materials.

SC Magazine

Almost half of UK firms hit by cyber-breach or attack in the past year

Government statistics have found that half of all UK businesses suffered a cyber-breach or attack over the past 12 months.

The Register

30,000 London gun owners hit by Met police ‘data breach’

A marketing agency was given access to a list of firearms owners’ addresses for a commercial company’s advertising campaign.

ZDNet

Millions of game accounts exposed in data breach, responsibility thrown to the wind

Account details of users of the online game and social network, Fashion Fantasy Game, have been made available online yet the company has yet to acknowledge the breach.

Gizmodo

Holiday Inn Cops to Massive Credit Card Data Breach

Guests at more than 1,000 InterContinental Hotel Group hotels have had their credit cards stolen.

 

If you would like to hear more from the Cyber Security team please email cybersecurityspeak@racepointglobal.com