Cybersecurity Without Insanity? It could be as simple as 3 – 2 – 1…
This week: A significant data breach in the Police Service of Northern Ireland, the shadow of shadow IT keeps growing, and Microsoft’s security practices should not distract us from the need to secure our front doors.
3 – “Terrorists would literally kill for this information, and we gave it away.”
There has been a significant data breach within the Police Service of Northern Ireland (PSNI). The breach occurred when a staff member published information online in response to a Freedom of Information (FoI) request, but inadvertently included a list of the surnames of more than 10,000 current and past police officers. The information remained online for up to three hours.
While the document was only online for a short period of time, the website where it was published alerts subscribers when new content is published. More significantly, it also alerts subscribers when data is about to be taken offline, “effectively branding it as data of interest to be downloaded quickly before it [disappears]”. While the data breach has received a lot of media attention this week on both sides of the border and elsewhere, I think this article in Politico provides an excellent description of the potential impact of this breach on police officers’ lives.
Key takeaway: I won’t comment any further on this data breach, because I just can’t comprehend the impact on the personal lives of these police officers or their families, or the impact on the person who made what looks like a genuine mistake.
2 – The shadow of Shadow IT keeps growing
A large organisation uses an average of 473 SaaS applications, an increase from 317 in 2021. For organisations with fewer than 500 staff, the average is about 253 different SaaS applications.
This is according to research recently published by Productiv, which provides solutions to help organisations save money on their use of SaaS applications.
In simple terms, “Shadow IT” means the use of IT systems that have not been reviewed and approved by the organisation. In the old days, we could get a grip on the situation quite quickly by restricting the users’ ability to install applications on their PCs. But these days, there are no applications to install – all you need is an Internet connection.
Key takeaway: if you need to protect your organisation’s data, you need to have an effective way to monitor and restrict the sites and services that staff are accessing online, as well as enforcement of a clear policy that tells staff they must only use applications and services that have been reviewed and approved by the organisation. Because if you don’t have a handle on this, your data is probably on some random website right now. It’s also a reminder that cyber security is not just about blocking malicious activity – sometimes, it’s just about helping staff members to do their job in a secure way.
1 – Microsoft is accused of ‘blatantly negligent’ cybersecurity practices
Microsoft has been accused of blatantly negligent cyber security practices after it was slow to fix a flaw in its Azure platform which apparently enabled Chinese hackers to spy on the US government.
This is according to the CEO of Tenable, a cyber security company, as recently reported in The Verge. Apparently, Tenable discovered a flaw in March which enabled attackers to access a company’s sensitive data, but Microsoft took more than 90 days to implement a partial fix, and that fix only worked for new applications, leaving existing applications exposed. Microsoft initially planned to deploy a full fix by the end of September but rolled out the fix shortly after the criticism by Tenable’s CEO was published online. Microsoft says that no one other than the Tenable researchers was able to exploit the flaw.
Key takeaway: Just like every house, every system has front doors and back doors. We rely on platform providers such as Microsoft to secure the back doors, and issues like this can arise which suggest that the back doors are not as secure as they could be. We must not let this distract us from our responsibility to secure the front doors (e.g. by ensuring user accounts are secured with multi-factor authentication, and removing the accounts of leavers as soon as possible). Because the reality is most attacks against most organisations succeed because we haven’t secured the front doors.