The IT Governance Weekly Round-Up
In a tumultuous news week, some things never change. July kicked off with several major data breaches, and we take a look at everything you need to know in this newsletter, including our July Catches of the Month feature, which looks at the freshest phishing scams. We also delve into security incidents at the British Army, the world’s largest NFT marketplace and, yes, yet another breach at Marriott Hotels. Plus we bring you our usual selection of cyber security tips and advice, including our guidance on how to get the most out of your e-learning programme.
Catches of the Month: Phishing Scams for July 2022
Welcome to our July 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over their personal data. This month, we look at a cyber attack at OpenSea, a US school district that was tricked into transferring funds to a crook and a report on the rising threat of phishing.
How to Get the Most Out of Your E-Learning Programme
Did you know that when presented with new information, we will forget half of it within a day? This is according to the Ebbinghaus forgetting curve, which theorises that people’s ability to recall facts decreases rapidly if there is no attempt to retain them. The effect begins almost immediately, and within a week we will have forgotten almost everything that we learned. You can probably attest to this anecdotally, but it also presents major issues in the workplace – particularly when it comes to staff awareness training.
IT Governance Podcast Episode 3: NCSC guidance, Amagasaki data breach, Maastricht University and the metaverse
In this week’s IT Governance Podcast, we discuss new NCSC guidance on avoiding cyber security “staff burnout”, a data breach affecting a Japanese city’s entire population, good news for the ransomware-hit Maastricht University, and the privacy implications of the metaverse.
Official British Army Twitter and YouTube accounts hijacked by NFT scammers
Hundreds of thousands of people who follow the official social media accounts of the British Army may have been surprised to see that it had been hijacked by hackers yesterday.
Although many might have imagined those responsible for the hack might have been a foreign state's cyberwarfare unit, the perpetrators appear to have been scammers exploiting interest in non-fungible tokens (NFTs).
The British Army's verified Twitter account was flooded with promotions related to giveaways and competitions related to NFTs, aimed at enticing its 362,000 followers to visit a scam minting website.
Users of biggest NFT marketplace warned over phishing after data leak
The world’s biggest marketplace for non-fungible tokens (NFTs) has warned its users to be on the alert for email phishing attacks following a massive data leak.
OpenSea, where traders exchange the crypto assets, told customers and newsletter subscribers not to open emails and files “sent by strangers” after revealing the breach.
Recommended by LinkedIn
It said its email database had been passed to an unnamed “unauthorised external party” by an employee at a firm used by OpenSea to send automated emails.
Ransomware Attacks Cost the Education Sector Millions
The education sector is often cited as one of the most vulnerable to ransomware, but a new report has revealed just how damaging the threat is. Jisc’s Cyber Impact Report 2022 found that UK educational institutions spend £2 million on average responding to ransomware attacks. Jisc is a non-profit organisation that provides the UK’s education sector with IT services. Dr John Chapman, the head of strategy and policy at the Janet network, warned that the UK education sector must pay greater attention to the threat of ransomware.
Marriott Hotels admits to third data breach in 4 years
Crooks have reportedly made off with 20GB of data from Marriott Hotels, which apparently included credit card info and internal company documents. The group shared screenshots of customer credit card authorization forms, including full card details, and said its members were in communication with Marriott though the hotel chain stopped talking.
Hackers claim they breached data on 1 billion Chinese citizens
Hackers said they have breached the personal data of 1 billion Chinese citizens from a Shanghai police database and offered it for sale, a leak that, if confirmed, would be one of the largest such exposures in history — but many victims may never learn of it because of censorship.
Flash briefing: The growing importance of implementing a cyber-defence-in-depth strategy
With new vulnerabilities being identified constantly, understanding your organisation’s security weaknesses is paramount. The current political climate also means that organisations have been urged to bolster their cyber security defences and tactics as the Russian invasion of Ukraine continues. Join IT Governance Founder and Executive Chairman Alan Calder on 12 July for this flash briefing explaining the importance of defence in depth and the five stages of developing a strategy.
Free PDF download: A Concise Guide to Data Protection Impact Assessments (DPIAs)
The General Data Protection Regulation (GDPR) has introduced an obligation to conduct data protection impact assessments (DPIAs) for high-risk processing activities. This guide explains exactly what DPIAs are, why and when you need to conduct them, and offers a straightforward approach that you can tailor to your needs in order to conduct your assessments efficiently, effectively and in line with the law.