The EQ Cyber Security Debrief 14.01.19
Each week at EQ Data we will be looking at the breaking news stories from the world of data and cyber security. From the latest cyber technology developments to data breaches and new marketing insights; you can find the debrief here.
High-profile German figures are target of Christmas-themed hack
Hundreds of German politicians and celebrities were subject to a very personal cyber-attack during December, when a hacker exposed their private messages, photos and financial information on Twitter. The cyber breach is one of the biggest for Germany, and was drawn out in a daily, advent calendar-style release of information via the social media platform. Victims included Chancellor Angela Merkel, Green party leader Robert Habeck and comedian Christian Ehring. A 20-year-old man has confessed to single-handedly carrying out the data breach, which is not thought to be politically motivated. Horst Seehofer, the German interior minister, has said he was “amazed” at the easily-guessed passwords being used on social media.
Vietnam accuses Facebook of violating its new cyber security law
Vietnam has accused Facebook of breaching its cyber security laws by allowing users to post slanderous comments relating to the government. At the beginning of January, a new cyber security law took effect in the country which regulates the activities of technology companies, and particularly opposes tech firms spreading false information or manipulating the public against the ruling Communist party. The law also requires that any data which is collected in Vietnam by cyber services companies must be stored within the country, and that foreign firms have local branches established in Vietnam. As yet Facebook has only commented they have a “clear process for governments to report illegal content” and that these are reviewed against Facebook’s “terms of service and local law.”
Incorrectly entering email addresses can lead to fraud, BBC report finds
Many businesses use email validation to give customers access to online services, with email addresses often doubling as account usernames. A recent BBC investigation has drawn attention to the vulnerability of this method; incorrectly entering an address can give individuals’ access to other users’ private information. The investigation found that inputting the wrong email address when signing up to a credit service from ClearScore meant the company then emailed the correct owner of the email address, providing the individual with means to change the password and access the original sender’s personal data and credit records. While this is a worst-case scenario, it shows how an email mix-up could be taken advantage of in the hands of the wrong recipient.
Level four launch of cyber security apprenticeship aimed at resolving enterprise skills gap
The issue of cyber security knowledge gaps is a pertinent one given the current cyber climate, and in the UK directives such as the Cyber Security Skills Strategy are working to address the shortage. Bletchley Park Qufaro and Global Knowledge (GK) Apprenticeships have recently announced Level Four of their Extended Project Qualification (EPQ), an online apprenticeship which equips learners with the latest training, supporting aspiring cyber security experts or professionals looking to update their knowledge. The EPQ in cyber security was first launched in 2016 and is a UK- first, equivalent to an AS- level qualification. Level Four is a challenging course responding to the needs of businesses who require greater cyber security knowledge. A Level Three is also being developed with more students in mind.