Staff at the Northern Ireland Assembly were warned to update their passwords after its IT system suffered multiple targeted cyber attacks.
According to the Belfast Telegraph and an Assembly spokesman, the Assembly’s IT system experienced a number of unauthorised attempts to access email accounts. The Assembly is now taking steps to mitigate future threats.
Tony Pepper, CEO of Egress, said:
Cyber-criminals come back to this type of attack time and time again because human error is always the greatest area of weakness when it comes to cyber-security […] In this attack, and countless others, hackers were banking on poor security practices to help them through the door, such as weak or re-used passwords, and urging staff to update their credentials is simply not enough.
Bill Evans, senior director at One Identity, said that “[e]nd user education may have limited some of the risk. One of the first things users need to learn is the use of strong passwords and the risks of weak passwords”.
Educating end users as part of a wider cyber security strategy will help mitigate the risk of future attacks. Although this won’t solely eradicate the problem, it will inform users of the consequences that their careless actions – such as reusing a weak password – could have. For those who work with highly sensitive information in governmental organisations, it’s even more important to ensure that all staff have a comprehensive understanding of information security best practices and cyber security threats.
Commit to cyber security training
It can be hard work putting in place a comprehensive course from scratch, so many organisations invest in programmes such as our Information Security Staff Awareness E-Learning Course.
This course will familiarise your employees with the basics of information security, including security threats via email, the Internet and the workplace. It’ll also introduce them to your policies on incident reporting and responses.
The subject matter isn’t technical, as the course is aimed at anyone who processes information or uses information technology in their job.