Cyber news: phishing on the rise; Twitter ends SMS authentication; Malicious XLLs

As SNP MP Stewart McDonald shared how his emails got hacked by a Russian group, it’s a timely reminder that phishing attacks are becoming more targeted and more sophisticated. Finance professionals are particularly at risk of this type of attack, because of the often valuable information they have access to, that hackers could use to make substantial financial gains. The National Cyber Security Centre (NCSC) has shared more information on this type of attack, and what to look out for.

Meanwhile, multi-factor authentication (MFA) has been in the news recently, as Twitter has announced that SMS authentication will be disabled for the majority of users next month. Having some sort of additional authentication on your social media accounts is strongly recommended, so this article from the Guardian explores what alternatives are available.

The NCSC has also recently warned of the risk posed by malicious Excel add-ins, or XLL files. Hackers have moved away from using Excel macros to carry out attacks since Microsoft largely blocked macros from untrusted sources last year. ICAEW Excel Community contributor Simon Hurst explores a bit more about what this means for Excel users.

And as ChatGPT continues to draw attention from a cyber perspective, what impact will chatbots have on cybersecurity? Can we rely on the same defences as before, or is a different approach required?

Threats and risks: hospitality and charities on alert

NCSC has issued an alert to the hospitality sector. Criminals are increasingly targeting restaurants and hotels, posing as IT providers in an attempt to gain access to their systems and steal customer data. Ensuring appropriate MFA is in place, as well as training all staff to be aware of the risks and how to identify genuine IT suppliers, will play a key role in reducing the risk.

A Cyber Threat Report for the UK Charity Sector has also been published, exploring current threats to the sector, and how charities can get help.

For more current issues, read the latest NCSC Threat Report here.

Cyber security updates: Cyber Essentials updated; 10 steps to cyber security

An important update is coming to the Cyber Essentials and Cyber Essentials Plus certification programmes, which should ensure they continue to meet the requirements of UK businesses. Launched at Chartered Accountants’ Hall in 2014, Cyber Essentials sets out a core set of security requirements that organisations can be certified against. This year, the technical requirements are being updated in April, with more details on the NCSC website.

As more and more organisations turn to low- and no-code technology solutions, it’s worth being aware of the top 10 security and privacy risks associated with low/no-code development platforms.

Finally, as ever, NCSC’s 10 Steps to Cyber Security remains a useful guide for organisations of all sizes to ensure they are protected.

Webinar on-demand

Watch our recent webinar, Why cyber security makes good business sense, featuring the latest insights from City of London Police and the Love Business Hate Fraud campaign.

Got an interesting cyber story for us? Email ian.pay@icaew.com