When you’re a good cause, you’re a great target
Sam Glynn CISM
Security Risks & Regs Advisor to Regulated Firms & Professional Services Providers | 25+ Years Helping Firms with Regulatory Compliance, Cyber Security & Third-Party Risk Management | DORA | ISO 27001
This week:
3 – Lightning can strike twice in cyber land.
2 – You are only as secure as your weakest third party service provider.
1 – The writing is on the wall if the HSE is important to your organisation.
3 – In cyber land, lightning can strike twice.
“Housing agency confirms another cyberattack after 2023 ransomware incident”
Summary: The Housing Authority of the City of Los Angeles (HACLA) has confirmed a cyberattack on its IT network, marking the second such incident in recent years. In 2023, they were attacked by the LockBit ransomware gang. This time around, another gang claims to have stolen over 800 GB of data, including personal information, financial documents, and backups. HACLA, which has a budget of $1 billion and houses 19,000 families, is only one of many housing authorities that have been recently attacked.
So what? Lightning may never strike twice. But cyber gangs do. If your defences have been proven to be weak in the past, they are more likely to be tested again in the future.
Source: The Record (via Secure The Village)
2 – What third parties do you rely on?
“Charities including RSPCA, Shelter, Dogs Trust, Battersea and Friends of the Earth have moved to reassure their supporters over their data as regulators assess a cyber attack at a sector supplier.”
Summary: Several major charities in the UK, such as RSPCA, Shelter, Dogs Trust, Battersea, and Friends of the Earth, are addressing supporter concerns following a data breach at research company Kokoro, a partner of About Loyalty. Hackers accessed supporter details, including names, email addresses, and historic donation information. The UK’s data protection regulator and charities regulator are investigating the incident.
So what? You’re only as secure as your weakest service provider. Making sure you have appropriate security in place includes making sure your trusted third parties have appropriate security in place.
Source: Civil Society
1 – If the HSE is important to your organisation, the writing is on the wall
“The Cyber Security Statement of Strategic Intent aims to mature the cyber security capabilities of the HSE”
Summary: Ireland’s Health Service Executive (HSE) recently released its Cyber Security Statement of Strategic Intent for 2024-2027, focusing on enhancing cyber resilience and aligning with regulatory requirements. This initiative follows the 2021 Conti ransomware attack that had a serious impact across the country’s health system. The aim is to improve the HSE’s cyber maturity over the next three years (as part of a broader 7-year programme). Key components include establishing a Chief Information Security Officer (CISO) office and investing in security defences that align to the US National Institute of Standards and Technology Cyber Security Framework (NIST CSF).
So what? If the HSE is one of your key clients or stakeholders, the writing is on the wall (and in this document) that they will expect you to prove that you have appropriate security measures in place.
[PS I’m currently working with a number of charities and non-profits to assess and improve their security defences. If you work in this area and don’t know where to start when it comes to assessing and improving your security defences, learn how I can help.]
Building a more cyber secure world, one person at a time
4 months ago: Good call on the HSE Sam Glynn. While many suppliers likely feel comfortable right now, when contracts go up for renewal they are likely to be facing a whole different set of questions to previously.