The IT Governance Weekly Round-Up
With the UK in the midst of its worst drought in decades, South Staffordshire Water added to worries by suffering a ransomware attack. We dive into the story in this week’s newsletter, and look at what else has been happening in the cyber security industry. We also have the latest episode of our podcast, featuring our coverage of the UK’s new Digital Protection and Information Bill, as well as our usual selection of tools and resources to help you manage your information security requirements.
South Staffordshire Water Targeted by Cyber Attack
South Staffordshire Water has announced that it has fallen victim to a cyber attack. The criminal hackers claimed to have access to the organisation’s SCADA systems, which control industrial processes at treatment plants. However, despite the breach, South Staffordshire Water insisted that it is still supplying safe water to all of its customers. The cyber attack comes amid a water crisis in the UK because of an ongoing drought. Residents are being urged to reduce the amount of water they use, while several water suppliers have imposed hosepipe bans.
How to Write an Internal Audit Report for ISO 27001
Internal audits are essential for maintaining ISO 27001 compliance. The requirements for writing an internal audit report are outlined in Clause 9.2 of the Standard. But how do ISO 27001 audits work, and why do you need to document the results? We explain everything you need to know in this blog, including our top tips for writing an ISO 27001 internal audit report.
IT Governance Podcast Episode 6: NHS ransomware, Ukraine, and Digital Protection and Information Bill
This week, we discuss a ransomware attack on an NHS digital services provider and a huge increase in cyber attacks as a result of the war in Ukraine, and provide an overview of the main reforms to UK data protection law proposed by the Digital Protection and Information Bill.
Most business leaders only prioritise cyber security after a major breach
Senior leaders recognise that cyber security threats were real only after the business had been attacked, a new report has found.
The observations of “numerous” businesses were revealed in a policy paper, published today by the Department for Culture, Media, and Sport (DCMS), which investigated the experiences of cyber attacks on UK businesses.
Common observations among businesses were that senior leaders were not as engaged with security as a priority and some didn’t fully understand the scale of the threats or the cultural transition required to meet the growing challenge.
The Zoom installer let a researcher hack his way to root access on macOS
A security researcher has found a way that an attacker could leverage the macOS version of Zoom to gain access to the entire operating system. Details of the exploit were released in a presentation given by Mac security specialist Patrick Wardle at the Def Con hacking conference in Las Vegas on Friday.
Hackers Took Over a Commercial Satellite to Broadcast Hacker Movies
A group of hackers was able to take control of a decommissioned satellite and use it to stream a hacking conference’s talks and hacker movies.
New MailChimp breach exposed DigitalOcean customer email addresses
DigitalOcean is warning customers that a recent MailChimp security breach exposed the email addresses of some customers, with a small number receiving unauthorized password resets.
Detection: The first layer of your cyber defence-in-depth strategy
Understanding the threats you face and where your cyber defences are most at risk of being breached is critical to securing your organisation against cyber attacks. By implementing detection measures you can identify security flaws, enabling you to bolster defences where needed. Join IT Governance Founder and Executive Chairman Alan Calder for this 45-minute presentation on 25 August at 3pm. You’ll discover how to pinpoint weaknesses in your cyber defences, and receive practical advice on implementing a cyber defence-in-depth strategy.
Cyber Incident Response Management – A beginner’s guide
For today’s organisations, which rely heavily on technology and the Internet to do business, cyber attacks are a very real threat. Worse, the cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. Furthermore, virtually every organisation holds valuable information, so everyone is a target. Suffering an incident is a matter of when, not if. Being prepared with solid incident response plans and procedures can significantly mitigate the impact of cyber incidents.