
The fourth most popular grocer in Britain, Morrisons, recently found that the bank account and pay data for most of its workforce has been posted on the net and handed to a news publication.
While not considered a cyber attack – aside from the data being stolen and published online – it does show how easy it can be to work around perimeter defences when an insider, with the right skill-set, has malicious intentions.
The cyber security industry quickly offered suggestions on how this could have been avoided.
According to Reuters, a spokesperson from the company said that early investigations suggested the act was not an external breach of its systems. The spokesperson also said that no customer data has been lost in the process and no staff member will be at a financial disadvantage, adding that Morrisons is working alongside authorities on cyber crime – as well as the police – to catch the perpetrator.
Arbor Networks’ Darren Anstee told SC Magazine UK:
“Companies must have incident handling response plans and teams in place to minimise the impact of any breach. Managing an incident like this efficiently can actually enhance reputation, if done well.”
In that respect, Avecto co-founder Paul Kenyon told SC Magazine UK that Morrisons should be given credit for having done everything it could have after the fact. He said it made the necessary report, quickly performed a review of internal security and responded from top-level management. Inside threats are not easy to combat, which is why companies such as Morrisons need to seek out the right personnel when advertising cyber security jobs to identify such threats.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.