Luton Borough Council fall victim to cyber attack
A report conducted by the National Investigation Service (NATIS) found that Luton Borough Council and the South East Midlands Local Enterprise Partnership (SEMLEP) were the victims of a costly attack, with £1.1 million stolen by a criminal enterprise with links to money laundering and cyber enabled crimes.
This incident highlights the fact that some cyber attacks are, and will continue to be, convincing in their nature. Having hacked into a SEMLEP staff member’s account, they were able to masquerade as a trusted individual and contact Luton with fraudulent bank details of the school that was supposed to receive the stolen money. Though the funds have not been recovered, the investigation continues and NATIS have made a number of recommendations in their report for both Luton and SEMLEP to take on board.
What this also reinforces is the importance of staff looking out for anything different or suspicious and to double check if they’re not 100% certain. Just doing this could prevent an incident from occurring and give staff the confidence in knowing how to handle situations like these.
CC2i Fundamentals can help your staff to look for those signs with a dedicated Phishing module focusing on the various forms it takes, such as in emails, phone calls and more. The module also gives staff a customised call to action to report anything untoward, making it bespoke for each organisation whilst also providing clarity on exactly what to do.
Lasting just under 10 mins, it is bitesize and can fit around the working day. As an extension to this, Fundamentals also offers a Social Engineering tutorial, which focuses on the psychological mechanisms of a cyber attack – an important area to be covered as Phishing comes under the wider umbrella of Social Engineering. Included in the tutorial are various case studies exemplifying how staff are tricked into handing over sensitive information without thinking twice.
What happened to Luton could easily happen to any other organisation but the risk can be mitigated with effective cyber training. Fundamentals place the emphasis on staff being an active line of defence whilst acknowledging that cyber security training can’t dominate the usual work day routine – a number of features are available which can ensure a staggered approach and effective take up.