Charlie looks at the lessons you need to take away from a low-level cyber attack.
I am going to leave the New York flooding, storm and the hurricane in Louisiana for another day and just write a short piece on this incident I came across on phishing emails.
More details on the incident can be found here >
The shortened version of the incident is that Plentific, who are suppliers to a number of housing associations in Germany, the USA and the UK, had a cyber incident. They are a platform through which tenants can log in and follow up on repairs and maintenance. The residents of a number of housing associations who use the platform received emails that looked like they were coming from Plentific. The Housing Association has tried to warn their tenants about the scam. There are a number of lessons you can learn from this incident, which I am going to share today.
This type of low-level cyber incident is happening all the time, but you would not normally hear about them as they are so small they don't usually make the news.
- Your security may be brilliant, but how much due diligence do you conduct on your suppliers? This is especially important if you provide them with lots of information. Also, what efforts have you made to check on your suppliers level of security?
- Most of the classic cyber incidents happen through the supply chain compromise, for example, Kaseya or Starburst/SolarWinds.
- Many housing associations provide homes for low-income people or the vulnerable, so in some cases they may be more vulnerable to scams, especially if they appear 'official'. What precautions and responsibilities do you have before an incident takes place in order to warn your tenants about cyber scams? Should you have plans in place for communicating with tenants if a breach occurs?
- This is the premise that we reiterate and highlight during our Cyber Incident Management course. The point being cyber incidents are not all about your own IT department leading the response to an incident, it may actually have nothing to do with your own IT!
We don’t have any places left on next weeks BCT Certificate in Cyber Incident Management course but the date for our next available course is Wednesday 10th-Thursday 11th November 2021. Remember we currently have a 20% discount on this course so be sure to book today as we only have limited places available. Our offer ends on 30th September 2021.