Weekly cyber news update

The NCSC reports that UK Universities achieving Cyber Essentials certification has almost trebled in a year.

With an increase from 14% to 40% in the past year, Universities are using cyber essentials to protect themselves against common online threats such as phishing campaigns, DDOS and botnets.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said:

‘It is extremely encouraging to see such a significant rise in universities and colleges investing in their cyber security.

Given the NCSC assessment that it is a realistic possibility that the cyber threats facing universities will increase, we will continue to work closely with the education sector to enable more institutions to achieve this industry recognised standard.’

 

Labour cyber-attack

Labour reportedly suffered a second cyber-attack on Monday  11th November 2019. The cyber attack slowed down the some of the parties  general election campaign activities however the attack was assessed as 'low level' and that there was no evidence of 'state-sponsored activity'.

An NCSC spokesperson said:

“The NCSC has worked closely with political parties for several years on how to protect and defend against cyber attacks. We met the major parties last week ahead of the General Election.

“In terms of this incident, the Labour Party followed the correct, agreed procedures and notified us swiftly. The NCSC is confident the party took the necessary steps to deal with the attack. The attack was not successful and the incident is now closed.”

Labour's general secretary Jennie Formby said on Twitter the attack was a "real concern" but she added she was proud of the party's staff who "took immediate action to ensure our systems and data are all safe ".

 

You might be doing the right thing but is everyone else?

BT security managed to fall at the first hurdle by emailing 150 infosec professionals, who had attended a jobs fair, by using CC instead of BCC.

The email thanked them for attending the Westminster Cyber Expo and popping by the BT Security stand. Instead of following basic data protection advice, however, BT Security cc'd it to all 150 recipients allowing them to read each other's email addresses and identities.

One recipient even reply-all'd to the original email asking to be taken off it, citing GDPR.

BT emailed the infosec bods again this time remembering to BCC:

‘We sent you an email at 10:18pm on Thursday 7th of November after our chat at the Cyber Security Expo in Westminster, London. The subject was: Thank you for visiting the BT Security Stand - Westminster October 2019

Unfortunately we cc'd rather than bcc'd the email. We're really sorry about that. But we know that's not enough so…

If you haven't already opened it, could you delete the email straightaway without opening

If you've opened the email, please just delete it

And finally, if you've forwarded or shared it, could you recall the message, delete it and ask the people you sent it to, to do the same.

Once again, we're so sorry this happened. It was an honest mistake – it was a simple human error. We have taken steps to make sure that it doesn't happen again.’

(The Register)

 

It is important to handle information with care, take a look at our handling rules for more information.