Plain English Cyber in 3 articles, 2 numbers and 1 action.

This week: BNP Paribas blocks Russian staff from its global computer network, your website contact form could be the first step in a cyber attack, and the HSE is about to contact people who data was stolen in last year’s cyber attack.

This week’s action: Remind staff that the first email is not the only one to look out for.

If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from<;/a> or wherever you get your podcasts.



1: BNP Paribas blocks Russian staff from its global computer network

Reuters reports that “France’s largest bank BNP Paribas has cut off its Russia-based workforce from its internal computer systems as it seeks to bolster its defences against any potential cyber attack, a source with direct knowledge of the matter told Reuters. The move, aimed at protecting the bank from cyber criminals who could use the local network as an access point, also further distances its shrinking Russian operations from the rest of the group.”

Clearly, the ongoing warnings about cyber attacks arising from Russia’s invasion of Ukraine are causing some organisations to take very definitive steps to protect themselves.

Read more: via

2: Your website contact form could be used to start an attack

“While most cyberattacks are launched via email, attackers are always looking for new ways to make contact with potential victims. Recently, the threat intelligence team at Abnormal Security observed some attacks targeting [their] customers that started through an online contact form. [..] Rather than directly sending a phishing email, the attacker in these cases initiated a conversation through an organization’s website contact form. In these initial contact form submissions, the attacker posed as [someone] looking for a quote for a product provided by the target. [..] Once the contact form request has been submitted by the attacker, they simply wait until someone at the target company reaches out to them to follow up. [..] After fully establishing their cover identity via email, the threat actors continued project negotiations [via email] in an effort to convince their victim to download a malicious file.”

Cyber attacks are frequently launched through email. But it’s not always the first email.

Read more: via

3: HSE will start contacting people whose data was stolen in last year’s cyber attack

The Sun has reported that “THE HSE is set to spend €1million contacting individuals whose personal data was stolen in the cyber attack that crippled the national health service last year. A call centre and support infrastructure is expected to be established this summer as the HSE begins to process of notifying patients and other individuals that their details were among those compromised in the ransomware attack. [..] The notification of affected parties is expected to take between 12 and 16 weeks, as it is necessary to first review the stolen data and identify all of the relevant individuals.”

This 12-16 week timeframe doesn’t include the time it will take to handle the subsequent queries and complaints from the impacted individuals. The fallout from this attack could go on for a while yet.

Read more:



1: €43 million

The the HSE cyber attack last May, which started when a worker opened a malicious file attached to a phishing email, has already cost the HSE €43 million. It is estimated that the final cost will be at least €100 million.

Read more:

2: €8.4 million

Of the €43 million cost to-date, €8.4 million has been spent by the HSE on Microsoft Office 365.

Read more:



1: Remind staff that the first email is not the only one to look out for

As mentioned earlier, cyber attackers are finding increasingly-ingenious ways to get around your cyber defences, including your human defences. While emails continue to be a common way for them to gain a foothold into your organisation, as happened in the HSE attack last year, it’s not always the first email that will contain the malicious link or attachment.

It’s important to remind staff to beware of attachments and links in any email. If they are unsure, make sure they have someone they know who they can ask for a second opinion – Whether that’s your IT provider, a cybersecurity advisor*, or just a more tech-savvy member of staff.

If you need someone who your staff can ask for a second opinion, take a look at my ‘Second Opinion’ service. For less than 50c per person per day, my service is a very low-cost and effective way to strengthen your human defences.

Never underestimate the effectiveness of a simple, human-driven security measure.