As we head into the darker months of the year, we’re spending less time outdoors and more time on our tech, which is the perfect scenario for hackers. It’s been a busy month for cybercrime, with cyberattacks across many industries and repercussions for organisations that fail to disclose the impact accurately.
We'll examine some of this month’s biggest news stories and the recent DSIT report, Cyber Essentials Scheme Impact Evaluation.
Sellafield Ltd, which manages one of Europe’s largest nuclear facilities, was fined £332,500 by the UK nuclear regulator for failing to meet cybersecurity standards between 2019 and 2023. The Office for Nuclear Regulation (ONR) found that Sellafield’s IT systems were vulnerable to unauthorised access and data loss, raising concerns about potential impacts on facility operations.
Though there was no evidence of actual breaches, the ONR criticised Sellafield for ignoring prior guidance and said the company was at risk from phishing attacks and insider threats. Sellafield has since taken steps to improve its cybersecurity, and Energy Secretary Ed Miliband is seeking assurances that similar failings won’t occur again.
Japanese tech company Casio confirmed a cyberattack on 5th October. Unauthorised access was gained to its networks, causing system disruptions that affected some services. While details remain limited due to an ongoing investigation, Casio is collaborating with external specialists to assess whether any personal or confidential information was compromised.
The incident has been reported to data protection authorities, and increased security measures have been implemented. This marks Casio’s second cybersecurity breach in recent years, following a data breach in its ClassPad platform in 2022. The breach occurs amidst Casio’s financial struggles, as it faces significant restructuring costs.
France’s second-largest telecom company, Free, confirmed a cyberattack that compromised personal data linked to some subscriber accounts. The breach, which targeted an internal management tool, did not expose passwords, bank details, or user communications.
Free has filed a criminal complaint, informed cybersecurity authorities, and contacted affected subscribers. The attack surfaced after a cybercriminal allegedly attempted to sell databases claiming to include data from 19 million Free customers. Free states it has taken immediate steps to end the attack and bolster system security.
The ransomware group Black Basta has intensified its social engineering tactics by using Microsoft Teams to breach organisations. Cybersecurity firm ReliaQuest reports that the attackers impersonate support staff in Teams chats, adding users to conversations with external actors from fake accounts and deploying branded QR codes that likely lead to malicious sites.
These attacks are said to originate mainly from Russia, often involve rapid spam, and lead to the installation of remote monitoring tools, facilitating lateral movement within networks. The goal of these sophisticated attacks appears to be ransomware deployment.
The US Securities and Exchange Commission (SEC) has fined four companies, Avaya, Check Point, Mimecast, and Unisys, for misleading disclosures about the 2020 SolarWinds cyberattack. Each firm minimised the breach's impact in public statements despite knowing the extent of unauthorised access by Russian actors.
The penalties range from $990,000 to $4 million, with Unisys facing additional charges for poor disclosure controls. The SEC emphasised that companies must transparently inform shareholders of cybersecurity risks, stating that vague or downplayed disclosures leave investors unaware of the true impact of such incidents.
The Department for Science, Innovation, and Technology recently released its new report, Cyber Essentials Scheme Impact Evaluation, highlighting some interesting statistics about Cyber Essentials' rise and its positive impact on organisational cybersecurity.
The report confirms Cyber Essentials' effectiveness in boosting cyber resilience for companies of all sizes. 85% of users report better awareness of cyber risks, and 91% feel confident about mitigating them. Even more positively, businesses certified by Cyber Essentials experience 92% fewer insurance claims, suggesting the scheme’s strong influence on risk reduction.
Cyber Essentials continues to help protect businesses nationwide and promote strong cyber hygiene. If you’re interested in Cyber Essentials certification and would like to add this service to your portfolio, you can contact one of our team members to discuss it further or read more about our vendor, CyberSmart.
The ongoing cyberattacks worldwide demonstrate the critical need for tough cybersecurity strategies for businesses of every size and sector.
At Brigantia, we’re dedicated to equipping our partners with top-tier cybersecurity solutions that tackle the evolving challenges in today’s cyber threat landscape.
Together with our partners, we safeguard businesses of all sizes from cyber threats. Visit our website to explore our vendor portfolio, learn about our partnerships, or read more articles like this one.