GDPR and Patching
British Solicitor Fined after admitting it took 5 months to install critical updates
Criminal defence law firm Tuckers Solicitors is facing a fine from the UK's data watchdog for failing to properly secure data that included information on case proceedings which was scooped up in a ransomware attack in 2020.
The London-based business was handed a £98,000 penalty notice by the Information Commissioner's Office under Article 83 of the EU's General Data Protection Regulation 2018*.
The breach was first noted by Tuckers on August 23 2020 when part of its IT system became unavailable. On closer inspection, resident techies found a note from the attackers confirming they had compromised part of the infrastructure. The Microsoft Exchange server was out of action and two days' worth of emails were lost, as detailed by the company blog at the time.
The breach was reported to the ICO by Tuckers on August 25 2020, the ICO says.
How can Bechtle help you to avoid a similar threat? This shows the importance of understanding the vulnerabilities within the environment and the necessity of addressing this in a timely fashion. Security | The Bechtle Journey provides a strong engagement methodology, allowing our clients to take advantage of best practice advice, market knowledge, services and best in class remediation solutions. Best in class is defined by the ability to scan for vulnerabilities and remediate them across multiple platforms and operating systems.
|
Understanding threat actors in a complex world.
Crowdstrike bringing Threat Intelligence to the market.
The Forrester Wave™: External Threat Intelligence Services, Q1 2021 report identified the most significant threat intelligence service providers to evaluate strengths and weaknesses of their solutions, including CrowdStrike’s Falcon X product suite. Forrester grouped a broad range of criteria into three
high-level categories: Current Offering, Strategy and Market Presence. In Forrester’s evaluation, CrowdStrike received the highest possible score in 17 criteria, including:
- Current Offering: Intelligence Requirements, Technical Intelligence, Intelligence Analysis, Dissemination, Cyber Threat Intelligence
- Strategy: Product Vision, Supporting Products and Services, Commercial Model, Strategic Partners
- Market Presence: Number of Clients, Overall Service Revenue
CrowdStrike was also the only vendor to receive a five out of five in the
Market Presence category, which is scored on a vendor’s service revenue and
number of enterprise clients.
How can Bechtle help you to avoid a similar threat? One of the key advantages Bechtle has, is the breadth and depth of our client base, spanning 14 countries across Europe. This provides a real insight into the current threat landscape allowing us to share major concerns and threats with our clients.
Bechtle’s best-in-class approach allows us to provide solutions to enhance this data. CrowdStrike is a key partner in this area delivering industry recognised telemetry data.
Please find a useful link below on weekly threat reports delivered by the National Cyber Security Centre Weekly threat reports - NCSC.GOV.UK
|
The implication of Russia’s Ukraine Invasion.
The three Russian cyber-attacks the West most fears.
US President Joe Biden has called on private companies and organisations in the US to "lock their digital doors", claiming that intelligence suggests Russia is planning a cyber-attack on the US.
The UK's cyber-authorities are also supporting the White House's calls for "increased cyber-security precautions", though neither has given any evidence that Russia is planning a cyber-attack.
Russia has previously stated that such accusations are "Russophobic".
However, Russia is a cyber-superpower with a serious arsenal of cyber-tools, and hackers capable of disruptive and potentially destructive cyber-attacks.
Ukraine has remained relatively untroubled by Russian cyber-offensives, but experts now fear that Russia may go on a cyber-offensive against Ukraine's allies.
"Biden's warnings seem plausible, particularly as the West introduced more sanctions, hacktivists continue to join the fray, and the kinetic aspects of the invasion seemingly don't go to plan," says Jen Ellis, from cyber-security firm Rapid7.
Here are the hacks that experts most fear.
How can Bechtle help you to avoid a similar threat? In light of Russia’s invasion of Ukraine, the UK’s National Cyber Security Centre (NCSC) has urged organisations across all sectors to ensure their security ecosystems are prepared for the anticipated Russian cyber-attacks, proactively implementing measures such as:
|
The infamous BlackCat ransomware group has struck again.
BlackCat Attacks One of World’s Largest Energy Supply Companies.
In early February, Blackcat attacked one of the world’s largest energy supply companies, the German group, Marquard & Bahls. The attack disrupted the IT systems of the group’s oil company, OilTanking, and its mineral oil trade dealer, Mabanaft. OilTanking operates 13 terminals in Europe and provides clients such as Shell with oil storage facilities and related services. Shell announced it is now rerouting supplies to other storage, the company told Reuters. The attack has disrupted operations for about 200 gas stations in Germany. The company has not disclosed any financial demands made by BlackCat.
The BlackCat ransomware gang, which recently emerged last November, is thought to be based in Russia and consists of former members of the BlackMatter/DarkSide group, the group accused of the attack on the Colonial Pipeline Co. last year. The ransomware group calls itself ALPHV, but security research group MalwareHunterTeam named it BlackCat “because of the image of a black cat used on every victim’s Tor payment page.”
How can Bechtle help you to avoid a similar threat? Bechtle helps client develop a robust security strategy to address threats like ransomware. A first step is to undertake a simple self-assessment questionnaire called the Bechtle Swift Security review.
Bechtle’s Swift Security Review will provide you with a quick, clear visualisation on the status of, what are the 9 core components of a business’ security strategy. From this, Bechtle will align a dedicated security consultant to go through your response and build you a plan that aligns to your wider business requirements and provides a strategy to close any gaps that are exposing your business to undue risk.
|
Want to know more about any of the updates listed above? Contact Alice for more information.
Phone: +44 1249 467 938
E-mail: alice.lee@bechtle.com