accountants and business advisers
Chief Executive Officer
31 May 2019
Continuing our journey towards Thailand 4.0. In this months edition, a worrying trend of cyber attacks on education facilities, and the usual other litany of digital skullduggery and cyber intrigue, many of which featured sophisticated ransomware attacks.
The following is a rundown of what happened during the month of April 2019. We welcome your comments, insights and questions.
Tom’s Takeaway: Educational institutions will continue to be a target. In our experience, educational entities try to promote an open and collaborative atmosphere, often times at the expense of security, assuming they can have the best of both. Our mission is to inform not only the educational institutions but also the readers of this Cyber Roundup that you can have both an open atmosphere and security. Processes may need to be re-engineered and staff educated, but it is certainly doable. We try to shift our client’s perception that security is not always about saying “No,” but to saying “Yes” with alternative and more secure approaches.
Tom’s Takeaway: As businesses increasingly rely on third parties to operate, enhance, and grow their business, attacks against the supply chain are only going to increase. Attackers actively search for the weak links in the security chain, and many times that link is a third party. The only way to address this threat is to ensure that you have a process in place to assess the security posture of any third party you interact with that can pose a direct or indirect threat. Incidents will always occur, but the question to ask yourself is can you demonstrate to your stake holders that reasonable measures were taken to understand and manage the third party risk.
Tom’s Takeaway: While a company can never prevent the receipt of business compromise e-mails, they can implement a multi-layered approach internally to prevent the fraudulent transfers from completing. Core to our assessment approach, we always confirm that our clients are structured to avoid a business e-mail compromise event. If you would like to learn more, please feel free to contact me.
Source: PKF O'Connor Davies
For more information on how our services can help your business get in touch.