Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud.

The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75% stake in back in September 2021.

That same month, the VW employee told managers they were concerned about a potential “fraud event” that had recently taken place, and suggested the need for internal “kill switches” to limit the damage from such events, according to the FT.

After hiring a law firm to look into the concerns, the world’s second largest vehicle-maker reportedly said the information provided was “irrelevant,” and the employee “was terminated due to fundamental differences in the way we work together.”

Jamie Akhtar, CEO & co-founder of CyberSmart argued that business of all types should do more to foster an open culture where employees can raise cybersecurity concerns.

“A huge proportion of successful cyber-attacks stem from some form of human error and the best way to counter this is by staff feeling comfortable in raising concerns or asking questions,” he added. “After all, you never know who in your business might spot that something isn’t quite right.”

Outpost24 CSO, Martin Jartelius, said that most firms have a fraud prevention and whistleblower system to root out wrongdoing.

“If a member of a team believes something is a risk, it’s important to investigate and escalate according to your process and making your decision based on the facts,” he added.

Volkswagen does indeed have such a system, having established an internal Together4Integrity program to encourage reporting following a 2015 diesel emissions scandal. That makes it doubly perplexing why the individual was ultimately fired.

Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud.

The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75% stake in back in September 2021.

That same month, the VW employee told managers they were concerned about a potential “fraud event” that had recently taken place, and suggested the need for internal “kill switches” to limit the damage from such events, according to the FT.

After hiring a law firm to look into the concerns, the world’s second largest vehicle-maker reportedly said the information provided was “irrelevant,” and the employee “was terminated due to fundamental differences in the way we work together.”

Jamie Akhtar, CEO & co-founder of CyberSmart argued that business of all types should do more to foster an open culture where employees can raise cybersecurity concerns.

“A huge proportion of successful cyber-attacks stem from some form of human error and the best way to counter this is by staff feeling comfortable in raising concerns or asking questions,” he added. “After all, you never know who in your business might spot that something isn’t quite right.”

Outpost24 CSO, Martin Jartelius, said that most firms have a fraud prevention and whistleblower system to root out wrongdoing.

“If a member of a team believes something is a risk, it’s important to investigate and escalate according to your process and making your decision based on the facts,” he added.

Volkswagen does indeed have such a system, having established an internal Together4Integrity program to encourage reporting following a 2015 diesel emissions scandal. That makes it doubly perplexing why the individual was ultimately fired.

The UK government has launched a significant set of new requirements for organizations looking to comply with its Cyber Essentials scheme to bring it up to date with the way people live and work today.

Announced late last year, the changes will not impact the scheme’s overall control themes of firewalls, secure configuration, user access control, malware protection and software updates.

However, it has been expanded to address a new set of scenarios brought about by digital transformation and new post-pandemic working patterns.

There’s a new shared responsibility model to ensure organizations can better understand and fulfill their obligations to secure cloud services and infrastructure across SaaS, IaaS and PaaS.

There are also new requirements around home working, which is increasingly the norm for many workers today. This includes expectations about deploying firewall controls to users’ machines and devices.

The program has also been updated to include guidance on which multi-factor authentication (MFA) type to choose for employees, focusing on usability and accessibility.

Backups are not covered because the scheme doesn’t want to “overburden” organizations, even though it strongly recommends a rigorous backup and recovery program.

While the costs associated with Cyber Essentials will remain the same for small and micro companies, a tiered system means larger firms will pay more; now £600 including VAT.

“We still view Cyber Essentials as the minimum standard for cybersecurity in the UK but we also need to ensure it keeps evolving as the threat landscape and technology change. This major update is part of that ongoing regular review, explained “Anne W” of the National Cyber Security Centre (NCSC).

“We are also looking at what other services we can introduce to support Cyber Essentials. This includes providing an advisory service to help organizations that don’t have their own technical support with the practical configuration of their systems, and how to address the security challenges that larger organizations with complex IT estates face to meet the minimum standard.”

The UK government has launched a significant set of new requirements for organizations looking to comply with its Cyber Essentials scheme to bring it up to date with the way people live and work today.

Announced late last year, the changes will not impact the scheme’s overall control themes of firewalls, secure configuration, user access control, malware protection and software updates.

However, it has been expanded to address a new set of scenarios brought about by digital transformation and new post-pandemic working patterns.

There’s a new shared responsibility model to ensure organizations can better understand and fulfill their obligations to secure cloud services and infrastructure across SaaS, IaaS and PaaS.

There are also new requirements around home working, which is increasingly the norm for many workers today. This includes expectations about deploying firewall controls to users’ machines and devices.

The program has also been updated to include guidance on which multi-factor authentication (MFA) type to choose for employees, focusing on usability and accessibility.

Backups are not covered because the scheme doesn’t want to “overburden” organizations, even though it strongly recommends a rigorous backup and recovery program.

While the costs associated with Cyber Essentials will remain the same for small and micro companies, a tiered system means larger firms will pay more; now £600 including VAT.

“We still view Cyber Essentials as the minimum standard for cybersecurity in the UK but we also need to ensure it keeps evolving as the threat landscape and technology change. This major update is part of that ongoing regular review, explained “Anne W” of the National Cyber Security Centre (NCSC).

“We are also looking at what other services we can introduce to support Cyber Essentials. This includes providing an advisory service to help organizations that don’t have their own technical support with the practical configuration of their systems, and how to address the security challenges that larger organizations with complex IT estates face to meet the minimum standard.”