A phishing email leads to a £4.4m fine

I write a lot about phishing emails and social engineering attacks because they are probably the way threat actors could most easily get malware inside your defences and, from there, compromise your security, your information and ultimately your wallet!

The Berkshire-based construction company Interserve Group Ltd, with an employee count of over 113,000, has been found not to have taken sufficient cyber security steps, including not training its staff in cyber security risks and threats. The cyber incident, which leaked a raft of personal information about the staff, including “…contact details, national insurance numbers, and bank account details, as well as special category data including ethnic origin, religion, details of any disabilities, sexual orientation, and health information” (ICO), started with a member of staff opening a malicious phishing email.

The UK Information Commissioner has warned that companies are leaving themselves open to cyber attack by ignoring crucial measures like updating software and training staff.

ICO

Further Reading

Outsourcer Interserve fined £4.4m for failing to stop cyber-attack | Interserve | The Guardian

Australian companies to face fines of $50m for data breaches | The Guardian