FCA review finds weaknesses in challenger banks’ financial crime controls

A recent review conducted by the Financial Conduct Authority (FCA) has found that some challenger banks have significant weaknesses within their financial crime controls and need to improve how they assess financial crime risk.

The review, which was conducted during 2021, has revealed that, in some instances, challenger banks did not have financial crime risk assessments in place for their customers. It also identifies a rise in the number of Suspicious Activity Reports reported by challenger banks, in turn raising concerns about the adequacy of these banks’ checks when taking on new customers.

The review focused on challenger banks that were relatively new to the market and offered a quick and easy application process. This included six challenger retail banks, which primarily consist of digital banks, and covered over eight million customers.

The review did find some evidence of good practice, for example when it comes to the innovative use of technology to identify and verify customers at speed.

Financial crime controls need to be ramped up

Cyber crime on the rise

Sridhar Iyengar, managing director at Zoho Europe, commented: “Today, cyber crime and fraudulent activity is rapidly on the rise with more sophisticated episodes taking place all over the world. It’s no surprise that challenger banks are being impacted, but being able to verify customers at speed is no use if suspicious activity is being missed. As it stands, money launderers are still able to evade detection by capitalising on the shortfalls within a banks’ technological infrastructure.”

Iyengar continued: “There are many new features that can help make systems more secure or raise red flags early. Companies including banks can now benefit from the likes of Artificial Intelligence-based systems to help identify potential fraudulent activities. Immediate action can be taken and customers will remain sheltered from risk.”

Further, Iyengar stated: “In highly competitive markets such as banking, having modern IT systems in place can make a real difference in terms of providing business value and positively impact customer trust and the customer experience as a whole. For market challengers, this is even more important.”

The growing cyber risk, coupled with the growth of hybrid working, which can potentially add further security risks, makes it imperative for all businesses to assess their current IT systems.

Iyengar concluded: “Keeping operations secure, efficient and compliant with regulations is a different endeavour to what it was just a few years ago, and demands that all organisations modernise their IT systems such that the latter are fit for purpose in the post-COVID business landscape.”

Three-year strategy

Sarah Pritchard, executive director for markets at the FCA, said: “Our three-year strategy highlights our commitment to reducing and preventing financial crime. This is important in terms of creating confidence for consumers and market participants in financial services and in demonstrating that the UK is a safe place in which to do business.”

Pritchard concluded: “Challenger banks are an important part of the UK’s retail banking offer. However, there cannot be a trade-off between quick and easy account opening and robust financial crime controls. Challenger banks should consider the findings of this review and continue to enhance their own financial crime systems in order to prevent harm being done by criminals.”

SASIG forms all-new Independent Advisory Board

The Security Awareness Special Interest Group (SASIG) has established an Independent Advisory Board for its forthcoming ‘Big SASIG’ event comprising Chief Information Security Officers (CISOs) and industry experts who have been hand-picked for their wide-ranging expertise and knowledge of the cyber security industry.

The new Independent Advisory Board will assess proposed presentations and workshops taking place at ‘Big SASIG’, the flagship in-person SASIG event. The one-day conference will focus on the role of cyber security resilience and consider how the business community and public sector organisations are preparing for, responding to and recovering from cyber attacks.

The exclusive, invitation-only event is taking place on Wednesday 25 May in the City of London.

Mark Walmsley, global CISO and managing director at Freshfields Bruckhaus Deringer, has been appointed chair of the ‘Big SASIG’ Independent Advisory Board.

Commenting on his appointment, Walmsley stated: “Our role is to make sure that the agenda at ‘Big SASIG’ features what matters most to cyber security professionals. Our sector insight is intended to maintain SASIG as the cyber security network of choice, where members can debate solutions, exchange examples of Best Practice and garner positive change in confidence.”

Martin Smith MBE, founder and chair of the SASIG, added: “The new Independent Advisory Board will keep ‘Big SASIG’ on top of the biggest issues in cyber security. Our ethos is different. Delegates come first, while vendors and users meet as equals. ‘Big SASIG’ is a real learning experience, delivered by experts from both the user community and partners. Together, they can explore risks, strategies and real-life improvements such that they can prepare for and prevent cyber attacks.”

Independent Advisory Board members

The members of the ‘Big SASIG’ Independent Advisory Board include:

*Mark Walmsley (chair)

*Helen Rabe (global CISO, Abcam)

*Andrew Gould (Detective Chief Superintendent and lead for the National Cyber Crime Programme at the National Police Chiefs’ Council)

*Mandy Haeburn-Little (CEO of Business Resilience International Management)

*Andrew Gudgeon OBE (head of ERM and operational risk for the UK and Ireland at Zurich Insurance)

*Jim Griffiths (head of information security, governance, risk and compliance at British Sugar)

*Paul Norton (founder and CEO of CyberHalo),  

*Sir Ian Andrews CBE (vice-chair of the National Preparedness Commission, former chair of the Serious Organised Crime Agency and senior independent director for NHS Digital)

*Steven Wilson (CEO of the Cyber Defence Alliance)

More information on the Independent Advisory Board can be found online at https://bigsasig.com/advisory-board/

To register your interest in ‘Big SASIG’ access the registration link at https://event.bigsasig.com/event/6d11b7c9-8224-40e6-8005-bef8deb314aa/regProcessStep1:61b10ddc-db89-49c2-8dad-c938bb695efc

The inaugural ‘Big SASIG’ event was held in March last year. ‘Big SASIG 2’runs at 155 Bishopsgate in central London and will bring the cyber security community together once again. To register as a delegate visit https://bigsasig.com

‘Big SASIG’ Cyber Security Conference to feature ‘Cyber Resilience in the Real World’

The Security Awareness Special Interest Group (SASIG) has confirmed that the second edition of its one-day cyber security conference dubbed ‘Big SASIG’ will focus on resilience – ie preparing for, responding to and recovering from cyber attacks – in the real world. 

The unique environment of ‘Big SASIG’ explores the challenges facing cyber security professionals across all sectors. This exclusive invitation-only event is taking place on Wednesday 25 May 2022 in the City of London. The concept has proven extremely popular in the cyber security community following the hugely successful first edition, which was held virtually in March 2021. 

The second edition, to be held in an ‘in-person’ scenario, will feature keynote presentations from high-profile industry experts and a series of dedicated workshops covering how businesses should build resilience, how to view cyber security as a trigger rather than a risk.

The second edition of ‘Big SASIG’ is on the horizon

Martin Smith MBE, founder and chair of SASIG, said: “Our community has been through a turbulent period that has seen a renewed focus on cyber security. Protecting data, delivering remote working protocols and ensuring safety and security continue to be top priorities. ‘Big SASIG’ is the latest innovation to help cyber security professionals share experiences and learn from their peers and supporters. This second edition of the conference will see the community join forces once again in person.” 

With all content being reviewed by the SASIG Independent Advisory Board, presentations will focus on highlighting the need for solid IT foundations to cope with fast-moving cyber criminal activity, as well as robust levels of employee security awareness to protect organisations from all angles.

Peer-to-peer engagement 

Mark Walmsley, CISO at Freshfields Bruckhaus Deringer and chair of the SASIG Independent Advisory Board, commented: “At the core of ‘Big SASIG’ is peer-to-peer engagement at a high level. Facilitating informative, educational and thought-provoking debates so that CISOs can share experiences and learn from each other is what it’s all about. Doing business is a critical component of recovery from the pandemic. With this in mind, we’re excited at the prospect of this forum helping to create new opportunities for the upcoming year.” 

The inaugural edition of ‘Big SASIG’ welcomed more than 500 high-level participants, including CISOs and security directors from a cross-section of leading UK businesses and organisations, among them Barclays, the Cabinet Office, GlaxoSmithKline, HSBC, Microsoft, the Ministry of Defence, McLaren, npower and Telefonica UK.

‘Big SASIG’ is supported by (among others) Kaspersky, Verizon, Synack, Schroders, CybSafe, the British Standards Institution, Mandiant, SentinelOne, Tessian, Secrutiny.  

*For more information on the second edition of ‘Big SASIG’ visit www.bigsasig.com 

**To register for the event access https://event.bigsasig.com/event/6d11b7c9-8224-40e6-8005-bef8deb314aa/register

Konica Minolta delivers surveillance solution for The Sweyne Park School

Konica Minolta Business Solutions (UK)’s intelligent video solutions and MOBOTIX c26 3600 cameras are protecting pupils, staff and property at The Sweyne Park School in Rayleigh. The “highly accurate and comprehensive” vision capability of the cameras has enabled the school to reduce a number of analogue cameras (and the associated costs and resources required to operate them), while at the same time enhancing the quality to 4K resolution.   

The solution has also provided The Sweyne Park School with the flexibility to install the equipment themselves, without expensive third party sub-contractors.

Dan Joslin, network manager at The Sweyne Park School, commented: “The models are so easy to install that we can now fit and configure additional cameras within 20 minutes. The quality of the images returned is second to none, providing a clarity that’s above and beyond what our previous solution would provide. In addition to the capabilities of the cameras, the solution provides peace of mind that there will not be any blackspots in viewing, providing 24/7 security for everyone within the school grounds.” 

The school is using the surveillance solution to watch over corridors, dining rooms and vulnerable areas. Konica Minolta’s intelligent video solutions and cameras also deliver “unrivalled” levels of cyber security, with powerful built-in and constantly updated end-to-end cyber protection delivered to thwart hacker attacks (and at no extra cost to the client).

The Sweyne Park School in Rayleigh, Essex

The Konica Minolta interior cameras are mounted flush to the ceiling and use cloud-based technology. They also feature built-in and encrypted DVR management technology. A MicroSD card is fitted into each camera as back-up storage and continues to capture video recordings should the external network connection or recording fail for any reason. Upon reconnection, the camera re-syncs the recordings with the central cloud-based storage.

Adding more cameras

It’s easy to add more cameras and any required additional storage. No dedicated servers, recording or software licences are needed, thereby saving time and money both at the point of system purchase and during its lifetime. This low maintenance solution is perfect for any location.

Additionally, the intelligent video solution has the capability to use audio to broadcast messages and alerts, as well as deliver pre-recorded files to support the management of the school. This will form part of the implementation of a programme of pre-recorded lockdown security drills, with audio files providing guidance for pupils around fire safety, crowd management and general safety. 

Gary Fletcher-Moore, head of sales for intelligent video solutions at Konica Minolta Business Solutions (UK), concluded: “Our solution is intelligent and can expand virtually without any limits, ensuring long-term security for The Sweyne Park School. Software updates are available via a free download. This means that the solution can be updated and enhanced as the requirements of the school and its daily operations evolve. It’s a future-proof solution.”

Gallagher named first manufacturer to achieve CAPSS 2021 standard

Security technology developer Gallagher has become “the first manufacturer to achieve the Cyber Assurance for Physical Security Systems (CAPSS) 2021 standard” with its Command Centre software and High Security Controller 6000 product. Gallagher is delivering high-security solutions for Governments in the Five Eyes alliance, along with providing confidence for the management teams at Critical National Infrastructure sites that its software and hardware meets the toughest of cyber security-focused requirements.

Richard Huison, regional general manager for the UK and Europe at Gallagher, informed Security Matters: “Meeting this standard proves to ourselves, our channel partners, our customers and Her Majesty’s Government that we are at the top of our game.”

Gallagher has been focusing on the CAPSS 2021 standard

Huison continued: “Along with other manufacturers, Gallagher was part of the market research conducted by the Centre for the Protection of National Infrastructure (CPNI) to establish how new technology would influence the latest 2021 standard. Obsolescence occurs fairly quickly based on an ever-changing environment. On that basis, the standards must evolve.”

National security

The CPNI focuses on national security in the UK by helping to reduce vulnerability to terrorism and other threats posed to the national infrastructure. 

Gallagher’s Command Centre and High Security Controller 6000 had already passed the CAPSS 2015 standard testing procedure and was included in the CPNI’s Catalogue of Security Equipment (CSE). The CSE is designed to help organisations choose appropriate physical security equipment to protect the assets for which they are directly responsible.

“To be listed in the CSE provides assurance for all customers, not just our high-security and critical infrastructure customers,” stated Huison. “Gallagher is the only manufacturer that sits across multiple categories in the CSE, providing assurance across the various components that make up the Gallagher system,”

Within the CSE, Gallagher sits across the Access Control Equipment, CAPSS Approved and Detection and Tracking Systems categories. Gallagher’s Z10 Tension Sensor was added for the first time last year, while its Command Centre and High Security Controller 6000 were tested to the CAPSS 2021 v1.1 standard and added this month.

Cyber protection

“As we’ve seen in the news recently, with cyber threats growing in sophistication, it follows that cyber protection has never been more important,” explained Daniel McVeagh, value stream lead at Gallagher. “Cyber security is an essential part of Gallagher’s physical security solutions. Achieving the CAPSS 2021 standard provides our customers in the UK with confidence that their Gallagher system will not be the weakest link in protecting against a cyber attack.”

Gallagher has a proven track record and reputation when it comes to the delivery of high security solutions around the globe, meeting some of the world’s most stringent physical and cyber security-related Government standards.

McVeagh concluded: “We’re committed to delivering solutions that meet Government compliance standards, not just in the UK, but around the world, and particularly so across the Five Eyes nations.”

SASIG calls for great resilience in bid to counter cyber threat

The Security Awareness Special Interest Group (SASIG) is calling on cyber security professionals in the financial services sector to build greater resilience against the threat cyber criminals pose by investing in new skills.

The call follows the latest Financial Sector Cyber Security Symposium, organised by SASIG in conjunction with the Bank of England. The symposium was attended by more than 250 delegates who heard that cyber threats include a growing number of ransomware attacks and that these will almost certainly increase during 2022.

Supply chain service providers, who often cross international boundaries, were also seen as an increasing source compromising reasonably well-defended networks. 

A consistent theme during the symposium was that employees and supply chain partners alike must have the right skills to spot potential threats. Financial services firms that are at high risk can strengthen their ability to protect against cyber threats by creating a business culture that builds internal capacity and greater confidence.

Evolving landscape  

Martin Smith MBE, founder and chair of SASIG, said: “The cyber security landscape is constantly evolving. Cyber security professionals in the financial services sector are having to redouble their effort in the face of persistent threats. It’s critical that the industry invests in new skills to understand the threats being faced and also that it factors-in robust cyber resilience procedures to manage those threats effectively.”  

Smith added: “Nine out of every ten security breaches involve human intervention, either by accident or by design. By creating no-blame cultures, where cyber security is second nature, firms will be able to stop the majority of incidents. Continuous learning and shared experiences will also foster a relentless focus on security.”

Further, Smith noted: “To do this, we need to attract a new breed of cyber security professional to combine with established technical teams and vendors as a way in which to protect firms’ data, information and systems.”

Skills training 

Skills training and career development are being showcased at SASIG’s Cyber Security Skills Festival on Tuesday 22 February. The festival is being organised in association with the UK Cyber Security Council. It’s a virtual event that will feature high-profile keynote presentations and workshops concentrating on the latest cyber security issues.

A jobs fair will also run alongside the festival. Hundreds of job opportunities with leading private firms and public sector organisations will be on offer.  

*Attendance at the third annual Cyber Security Skills Festival is free for both attendees and employers. To find out more and register for a place visit www.thesasig.com/skills-festival 

SASIG warns cyber security profession to meet growing social media threat

The Security Awareness Special Interest Group (SASIG) is calling on cyber security professionals to strengthen procedures surrounding the use of social media. The warning about the growing threat posed by social media to the integrity of data and network security emerged during this week’s conference entitled ‘Cyber Security: The Implications of Social Media’ that was organised by SASIG in conjunction with The University of Surrey.

The audience of cyber security specialists explored the implications of the far-reaching change brought about by social media and how people interact on different platforms such as Facebook, Instagram, YouTube, Twitter, WeChat and others, highlighting the consequences of casual Internet surfing and posting.

Martin Smith MBE, founder and chairman of SASIG, informed upwards of 200 delegates that social media networks have become one of the biggest gateways for cyber criminals targeting individuals and businesses to gain access to sensitive information and data networks.

Smith stated: “Social media activity has boomed during the last decade and is now an integral part of communications for commercial and personal users. It creates many challenges for both business and personal use and can expose users to unintended risks.”

He continued: “Social media and Internet users often give up a considerable amount of personal data. However, if such information falls into cyber criminals’ hands, they can easily build a profile that gives them the capability to access sensitive personal and financial information.”

Further, Smith observed: “The new Online Safety Bill could prove to be a vital tool in the challenge to tackle the criminal gangs who target unsuspecting individuals and businesses. We strongly recommend that all organisations should take steps to strengthen their cyber security systems against attacks via social channels. Using a combination of education about threats and introducing stringent protocols can protect against misuse.”

Cyber Security Skills Festival

Career opportunities, skills and resources that protect commerce, industry and public services from cyber attacks will feature at the third annual Cyber Security Skills Festival being organised by SASIG in partnership with the UK Cyber Security Council. The event runs on Tuesday 22 February. 

Established back in 2004, SASIG is a peer networking forum for cyber security professionals who represent hundreds of organisations of all sizes here in the UK and emanate from both the public and private sectors.

SASIG boasts more than 6,000 members including Chief Information Security Officers and other decision-makers and influencers with responsibility for information security, as well as academics and Government agencies.

Annually, SASIG curates more than 150 information webinars and in-person events covering topical cyber security issues impacting business, commerce, Government agencies and other public sector organisations.

*Further information is available online at www.thesasig.com 

Facial recognition “to open new avenues for smart cities” in 2022

In 2022 and beyond, facial recognition technology will play a key role in the future of global urban development and assist in improving the experience of smart citizens. From personal convenience through to enhanced public safety, the range of applications is wide-ranging. That’s the firm belief of facial recognition technology solutions provider Corsight AI.

Using their face as their credit card, members of the public will no longer have to leverage cash for payments or worry about a stolen/lost wallet. A secure biometric system – such as that being pioneered by Amazon Go stores – makes paying for goods or services effortless.  

In terms of security and access, workplaces are beginning to understand the value of the technology as it can enable the seamless flow of people and facilitate the protection of sensitive locations by restricting access to approved visitors only. Spaces such as building sites, maternity wards and Critical National Infrastructure locations can all benefit from this software.

Facial recognition can also be used in smart cities to help identify those at risk. In the case of searching for a missing child or an Alzheimer’s patient, facial recognition technology can significantly speed up the process.

There’s a particular concern right now about the safety of public streets, especially so for women. Facial recognition technology can prove useful for recognising unusual behaviour and identifying and tracking known offenders throughout the city environment. 

Higher standards in 2022

As is the case with any technology, there are potential risks to using facial recognition, such as threats to privacy, violations of rights and potential data theft. These concerns are of significant importance and have even forced the hand of some public and private organisations to limit the use of the technology. This calls for thoughtful Government regulation moving forward and heightened responsibility for facial recognition technology vendors and operators to comply with the rules.

Currently, documents such as the General Data Protection Regulation (GDPR) are in place to set industry standards and provide ways for individuals to protect their personal data – and, by extension, their privacy and other Human Rights – which we’re seeing enforced. 

Although the industry continues to demand greater certainty from lawmakers, it’s evident that Best Practice is emerging from the application of the GDPR and its core principles. The use of Privacy Management Programmes and Data Protection Impact Assessments demonstrates the willingness to protect the data rights of citizens and maintain trust and confidence across our communities. A combination of these policies and their application will continue to ensure facial recognition technology can be used as a force for good. 

Cyber security

As data processing becomes more central to operations in 2022, organisations will need to be more responsive to the evolving cyber threat landscape. For facial recognition technology end users, in particular, securing biometric data will remain a top priority this year.

Cyber criminals are becoming increasingly sophisticated in their methods, and will now typically seek the most sensitive data to hold at ransom. Vendors must therefore implement the most stringent security measures to protect sensitive data and ensure end users are working hard to stay on top of the threat.

Customers will also demand more transparency from organisations about how they’re using their biometric data and how it’s being stored and protected. To garner trust, users of facial recognition technology must be more explicit in its use and set clear measures on individual privacy and data protection.

In 2022 and beyond, Corsight AI expects to see further commitment from policymakers and industry to develop even higher standards that attain levels not seen before. The move towards ‘Trustworthy Artificial Intelligence’, greater regulation and a genuine commitment to Human Rights will support the development of this software such that it can be used as a force for good.

Schneider Electric launches remote Cyber Risk Assessment service in UK and Ireland

The Cyber Risk Assessment is a non-invasive high-level assessment service performed by Schneider Electric’s cyber security experts that results in the provision of recommendations and a roadmap for achieving a given organisation’s cyber security objectives. The process is completed in less than one week.

With damages from cyber crime expected to reach $6 trillion this year, a small chink in a company’s armour can result in substantial financial and reputational losses in today’s business landscape.

In essence, the new service allows Schneider Electric to remotely assess its customers’ operations and provide them with an understanding of their cyber security risk posture by dint of identifying gaps and key risk areas that need to be remediated.

Schneider Electric has already applied this process to its own Flint smart factory during the digital transformation of the facility, which is over 30 years old.

“Assessing all of the cyber threats a company faces can be a daunting task, but as attacks become increasingly common, firms simply cannot afford to bury their heads in the sand,” explained David Pownall, vice-president of services at Schneider Electric for the UK and Ireland. “We’ve created the Cyber Risk Assessment service to be the first step towards building a reliable and robust cyber security programme. This assessment process should then serve as the starting point when applying cyber security requirements in an operational technology (OT) environment.”

High-level assessment

The Cyber Risk Assessment service is a non-invasive high-level assessment performed by Schneider Electric’s OT cyber security experts. The service aligns to control categories found within industry Best Practice and standards.

To ensure a complete and actionable summary report, Schneider Electric collects information about businesses’ OT systems before conducting interviews. This includes current cyber security policies, cyber programme objectives, applicable standards, existing cyber security tools and technologies. This is all in addition to an OT network diagram, which displays the location of critical assets on the network.

Personnel data is also used, including identifying those personnel most familiar with the OT network layout (ie OT/cyber knowledge) and stakeholders who can answer detailed technical questions regarding the OT equipment and assets used within the customer’s network.

Two-stage process

The Cyber Risk Assessment itself has two key elements to it. The first element is the assessment and report. The second centres on the consultation services to discuss the results in-depth and create a tangible roadmap for the next steps. Areas to be covered here include:

Cyber security assessment

*Documentation review (eg network diagrams, current cyber security policies and programme elements)

*Remote interviews with key OT and cyber security stakeholders

*Cyber security expert analysis identifying key risk areas, gaps and recommended steps for remediation

Schneider Electric will then create a report which provides a starting point to prioritise areas.

Expert consultation

*A deep dive into the results of the cyber security assessment. Schneider Electric’s cyber security experts provide detailed recommendations and step-by-step guidance for the implementation

*Companies can ask Schneider Eleetric’s experts questions and gain clarifications of the assessment results

*Experts outline a suggested time frame for implementation and budget estimate

*Workshop sessions will define a blueprint for cyber security and prioritise which areas to address

Within the assessment, Schneider Electric’s cyber security experts will conduct controls-related network discussions, including a review of network architecture, ICS system components, cyber security policies and procedures and also physical security procedures.

*Additional information is available online by visiting the Schneider Electric website

Government Actuary’s Department hit by circa 24,740 malicious e-mails per month

The Government Actuary’s Department has been hit by an average of 24,740 malicious e-mails every month. Data obtained and analysed by the Parliament Street Think Tank via a Freedom of Information request has revealed that a total of 74,221 malicious e-mails, including phishing, malware and spam, had been sent to the Government Actuary’s Department across July, August and September this year.

The Government Actuary’s Department provides actuarial solutions including risk analysis, modelling and advice to support the UK’s public sector. Government Actuary’s Department plays host to circa 200 employees across two offices – in London and Edinburgh – of whom around 165 are actuaries and analysts.

The majority of threats received by the Government Actuary’s Department were spam e-mails, with 38,653 attacks of this nature. In the three-month period under examination, there were also 35,497 phishing attacks and 71 malware or virus e-mails in circulation.

The total amount of phishing attacks decreased over the three-month period. In July, a total of 15,233 phishing attacks came through. In August, this number reduced to 12,111 attacks and, come September, the figure lessened once again to a total of 8,153 phishing attacks.

On average, there were 12,884 spam e-mails received across the three months. These e-mails have the potential to download viruses to staff members’ computers and steal passwords and personal information.

IT infrastructure investment

The Government is investing heavily in its IT infrastructure to the tune of almost five billion pounds on an annual basis. The Department for Business, Energy and Industrial Strategy alone spent almost two million pounds on laptops and smart phones last year. Some 1,216 mobiles were issued to departmental staff in 2020, with 1,557 computers or laptops also part of the mix.

Tim Sadler, CEO and co-founder of Tessian, commented: “The number of phishing attacks that today’s organisations have to deal with is relentless. Phishing is one of the easiest ways for cyber criminals to hack into a company. They just need one distracted or tired employee to miss the cues of an attack in order for it to be successful.”

Sadler continued: “While it’s encouraging to see that the Government is investing heavily in its IT infrastructure to support the workforce, it must also address the issue of whether or not robust security measures are in place to protect employees. In short, the people actually working from the devices. Any failure to do so means that the risk of security incidents caused by human error, such as falling for a phishing scam, will only continue to rise.”