The Week In Review : 7th April

There is no doubt in the minds of us all that the forthcoming Brexit negotiations and eventual ‘deal’ is going to throw up as many questions as it possibly answers

One, however that is already answered and there is no ambiguity is that regarding the adoption of the EU General Data Protection Regulation, or GDPR.

This regulation, that will harmonise data protection measures throughout Europe, comes into force in May 2018, which will be almost a year ‘before’ the UK completes its Brexit process.

That being said a survey of IT decision makers at UK companies by information management firm Crown Records Management has found 24% are no longer preparing for the regulation. A further 4% have not even begun to prepare and most alarmingly, a massive 44% of those surveyed said they didn’t think the regulation will apply to UK business after Brexit.

Companies who are adopting this strangely misinformed approach would do well to remind themselves that non-compliance with GDPR from May 2018 could result in fines as high as €20 million or up to 4% of global turnover – and nobody is going to want to be on the end of that fine hoping that the excuse of ‘we didn’t think it meant us’ will get them out of trouble!

When you receive a txt message from what seems to be a reputable government agency offering a refund, it’s hard to resist taking action on it. However, this week the blog from Sophos, Naked Security, did a great ‘tear down’ of a recent scam the appeared to be from the DVLA, the UK’s Motor Registry.

They showed how by clicking on a link in a txt message took a potential victim to a website that to the untrained eye looked genuine and then coaxed them into entering personal information into the site, including debit card information that a faux refund would be credited to.

They go on to give solid advice on how to recognise these scams and what to do to avoid getting entwined in them. This is especially useful as more and more are appearing all the time. Although cyber security can be a complex subject, these rudimentary lessons need continued reinforcement.

Just when I thought I’d heard it all regarding hacks, SC Magazine surprised me with a proof-of-concept where earlier this month three Israeli security researchers demonstrated the possibility of remote attackers exploiting vulnerabilities in scanners to deliver malware. Yes, desktop scanners, those peripherals that in my mind would be the last ones ever to fall victim to exploitation.

Using the light sensitivity of the scanner, they devised several methods to deliver data via a nearby laser, including one on a drone, and even sent from a passing car to a smart bulb within an organization’s environs. Their incursion could be used to launch ransomware attacks.

As the SC Magazine article states that the success of this research continues to illustrate the dangers inherent in a number of Internet of Things devices.

And just like GDPR, IoT device security can’t be ignored either!

For links to all these stories and more, or to contribute with some comments join us by searching for the National Cyber Skills Centre on our social channels of FaceBook, LinkedIn and Twitter, or just click the relevant links from our website.

Share: Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedInPin on PinterestEmail this to someone