Experts Call for More Open Security Culture After VW Sacking
Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud.
The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75% stake in back in September 2021.
That same month, the VW employee told managers they were concerned about a potential “fraud event” that had recently taken place, and suggested the need for internal “kill switches” to limit the damage from such events, according to the FT.
After hiring a law firm to look into the concerns, the world’s second largest vehicle-maker reportedly said the information provided was “irrelevant,” and the employee “was terminated due to fundamental differences in the way we work together.”
Jamie Akhtar, CEO & co-founder of CyberSmart argued that business of all types should do more to foster an open culture where employees can raise cybersecurity concerns.
“A huge proportion of successful cyber-attacks stem from some form of human error and the best way to counter this is by staff feeling comfortable in raising concerns or asking questions,” he added. “After all, you never know who in your business might spot that something isn’t quite right.”
Outpost24 CSO, Martin Jartelius, said that most firms have a fraud prevention and whistleblower system to root out wrongdoing.
“If a member of a team believes something is a risk, it’s important to investigate and escalate according to your process and making your decision based on the facts,” he added.
Volkswagen does indeed have such a system, having established an internal Together4Integrity program to encourage reporting following a 2015 diesel emissions scandal. That makes it doubly perplexing why the individual was ultimately fired.
Danger USB! Journalists sent exploding flash drives
If you were sent a USB stick anonymously through the post, would you plug it into your computer? Perhaps you'll...
China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers
The deployment of custom credential theft malware is the main novelty of the new campaign Read More
SharePoint Phishing Scam Targets 1600 Across US, Europe
Cyber-criminals used the scam to steal the credentials for various email accounts Read More
Europe’s transport sector terrorised by ransomware, data theft, and denial-of-service attacks
A new report from ENISA, the European Union Agency for Cybersecurity, looking at cyberattacks targeting the European transport network over...
Security at the core of Intel’s new vPro platform
Intel has introduced its 13th Generation Core processor line, which the company claims is the first to build threat detection...
New Post-Exploitation Attack Method Found Affecting Okta Passwords
The flaw derives from the way the Okta system records failed login attempts to instances Read More