Weekly podcast: Solid-gold cyber crime, the Great British Firewall, and the Federal CISO

This week, we discuss the theft of £88,000 worth of gold by criminal hackers, ambitious plans from the NCSC’s new CEO, and the appointment of the first Federal Chief Information Security Officer.


Hello and welcome to the IT Governance podcast for Friday, 16th September. Many thanks to Sophie for deputising last week. Here are this week’s stories.

A 25-year-old-man was jailed this week after hacking a bullion firm and using the data he illegally accessed to steal nearly £90,000 worth of gold. The Evening Standard reports that Adam Penny of Canary Wharf stole customer names, addresses and tracking numbers, and passed them on to three associates who then intercepted deliveries of gold bullion. The group sold the gold – worth an estimated £88,000 – to an unsuspecting London jeweller.

Detective Inspector Sanjiv Gohil of the Metropolitan Police’s cyber crime unit said, “This case highlights the importance of robust cyber security systems for businesses and particularly those with an online presence.

“In this case the breach was reported to the police and we were able to investigate and bring Penny to justice, without further compromise to the company and their customers.”

GCHQ is planning to create what many parts of the media have called a ‘Great British Firewall’ to block cyber criminals. On Monday, Ciaran Martin, the first CEO of GCHQ’s new National Cyber Security Centre (NCSC), told the Billington Cyber Security Summit in Washington, DC, that he expects the UK to face a “stand-out incident of hostile foreign cyber attack [that will resonate] as a first-order national crisis”, and that it’s the government’s responsibility to work with industry and law enforcement to do something about it.

In his maiden speech as CEO of the NCSC, Martin warned that, last year, GCHQ had “detected twice as many national security level cyber incidents – 200 per month – [as it] did the year before”. He also noted that “65% of all large UK companies reported a breach in the last year.” More positively, however, he pointed out that the “great majority of cyber attacks are not terribly sophisticated [and] can be defended against. And even if they get through, their impact can be contained.”

The NCSC is therefore, he said, “exploring a flagship project” to work with Internet service providers to block known malware and bad addresses with DNS filtering. The plan is still in its infancy, but privacy campaigners have already expressed concern. According to the Guardian, ‘Thomas Falchetta, a legal officer for Privacy International, said: “Given the broad scope of GCHQ’s hacking operations both domestically and abroad, this seems like the fox protecting the chicken.”’

Another high-profile security appointment, this time on the other side of the Atlantic: the United States has named its first Federal Chief Information Security Officer. Brigadier General (retired) Gregory J. Touhill – the man who led the response to the 2015 OPM breach that affected 22.1 million people – will “lead a strong team within [the Office of Management and Budget] who have been at the forefront of driving policy and implementation of leading cyber practices across federal agencies”.

Well, that’s it for this week. As ever, please feel free to comment below, telling us a bit about yourself and what you’d like more information on and we’ll do our best to answer in the coming weeks. Until next time, remember that you can keep up to date with the latest information security news on our blog.

And don’t forget to check out our book of the month, Nine Steps to Success – An ISO27001:2013 Implementation Overview by Alan Calder. Revealing the methodology used by IT Governance’s consultants in hundreds of successful ISO 27001-compliant ISMS implementations, this book will help you through every stage of your ISO 27001 project.

Whatever your cyber security needs – whether regulatory compliance, stakeholder reassurance or just greater business efficiency – IT Governance can help your organisation to protect, comply and thrive. Visit our website for more information: itgovernance.co.uk.