Experts Call for More Open Security Culture After VW Sacking
Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud.
The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75% stake in back in September 2021.
That same month, the VW employee told managers they were concerned about a potential “fraud event” that had recently taken place, and suggested the need for internal “kill switches” to limit the damage from such events, according to the FT.
After hiring a law firm to look into the concerns, the world’s second largest vehicle-maker reportedly said the information provided was “irrelevant,” and the employee “was terminated due to fundamental differences in the way we work together.”
Jamie Akhtar, CEO & co-founder of CyberSmart argued that business of all types should do more to foster an open culture where employees can raise cybersecurity concerns.
“A huge proportion of successful cyber-attacks stem from some form of human error and the best way to counter this is by staff feeling comfortable in raising concerns or asking questions,” he added. “After all, you never know who in your business might spot that something isn’t quite right.”
Outpost24 CSO, Martin Jartelius, said that most firms have a fraud prevention and whistleblower system to root out wrongdoing.
“If a member of a team believes something is a risk, it’s important to investigate and escalate according to your process and making your decision based on the facts,” he added.
Volkswagen does indeed have such a system, having established an internal Together4Integrity program to encourage reporting following a 2015 diesel emissions scandal. That makes it doubly perplexing why the individual was ultimately fired.
More Stories
Stephen Khan Receives Infosecurity Europe Hall of Fame Award, to Deliver Keynote on Four Essential Attributes CISOs Need to Succeed
The award recognises Khan's outstanding contributions to the field and his role in shaping the cybersecurity industry Read More
A Third of Tech CISOs Are Unhappy With Their Income
IANS Research data finds many tech CISOs are concerned about their compensation as salaries stagnate Read More
MedStar Health and DocGo Reveal Data Breaches
MedStar Health and DocGo have become the latest US healthcare providers to announce cybersecurity incidents Read More
#RSAC: Two-Thirds of Organizations Failing to Address AI Risks, ISACA Finds
An ISACA survey found that just a third of organizations are adequately addressing security, privacy and ethical risks with AI...
CIS Benchmarks May 2024 Update
Here is an overview of the CIS Benchmarks that the Center for Internet Security updated or released for May 2024....
#RSAC: Decoding US Government Plans to Shift the Software Security Burden
US government officials discussed plans on how to incentivize security by design principles in the software manufacturing process during RSA...