Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Comment: Red Cross Hack

January 2022 by Matt Aldridge, Principal Solutions Consultant at Carbonite Webroot

After the charity Red Cross has been hacked, meaning the details of over half a million vulnerable people are at risk of being leaked to or sold onto the dark web.
The comment from Matt Aldridge, Principal Solutions Consultant at Carbonite + Webroot.

“It’s clear that the public sector is currently a key target for cybercriminals amid the pandemic, and unfortunately this attack has demonstrated that the charity sector is no different.

Although we’ve seen a recent trend of cybercriminals becoming more ‘ethical’ in the types of organisations they go after, ICRC may hold valuable personal, operational, and political data which makes them a tempting target for malicious state and criminal actors alike.

A potential concern here is the use of stolen data to enable further attacks. It is much easier to fool victims with a phishing email once you know details about them. Individuals should remain vigilant in scrutinising the types of emails they receive and remember to never share personal or financially sensitive information over the internet. Unfortunately, these threats are becoming more sophisticated and believable, and it only takes one click to put users and entire organisations at risk.

It’s therefore crucial for all charitable organisations to consider cybersecurity defences as a necessity and to secure the necessary budget and mindset to implement them. Secondly, data must always be backed up so systems can be restored if needed. Staff training is another essential for defending against phishing and other social engineering attacks, so they know what to look out for. The training materials used also need to be constantly updated to reflect the latest threat trends, and regular simulations should be run to ensure that the training is having the desired effect.

Finally - as we see in this case, the security of third-party vendors must be carefully scrutinised, and outsourcing a particular technical challenge does not absolve the purchaser of its responsibilities around data protection. Attacks against supply chains and managed service providers are continuing to grow in volume and sophistication, so ensure that you evaluate your partners carefully.”


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts