Cyber Essentials is a UK government-backed scheme which provides cybersecurity advice and support for organisations. One would imagine, therefore, that it is red hot on its own data security? Apparently not, as the body has just suffered a breach exposing the names and email addresses of consultancies cleared to work on government projects.
This embarrassing slip-up has been laid at the door of Cardiff-based Pervade Software, supplier of the technology behind the assessment platform used by the IASME Consortium and its affiliated accreditation scheme, Cyber Essentials. It appears that poor installation and a fairly basic configuration error by the software provider are at the heart of the problem.
While it seems that only the contractors’ names and email addresses have been breached by the phishing attack, contractors who are registered to the scheme are understandably unimpressed. Not only does this breach leave them at greater risk of phishing attacks, it also exposes their companies as government contractors.
Data breaches are common and easily occur due to a range of factors – such as in this case, where a config error led to exposed confidential information. Incidents of this nature can quickly spiral out of control and cost the affected company plenty of money they’d likely rather spend elsewhere. While solid security does go a way to managing the risk of a breach occurring, insurance provides the means to mitigate the consequences of a breach when it does happen. It’s a crucial component of an overall risk management strategy.