Experts Call for More Open Security Culture After VW Sacking
Security experts have stood up for cybersecurity whistleblowers after a report on Monday claimed a senior employee at a well-known carmaker was fired after raising concerns about fraud.
The Volkswagen staffer was dismissed weeks after raising the alarm about possible vulnerabilities in the company’s payments platform, Volkswagen Payments SA, which JP Morgan bought a 75% stake in back in September 2021.
That same month, the VW employee told managers they were concerned about a potential “fraud event” that had recently taken place, and suggested the need for internal “kill switches” to limit the damage from such events, according to the FT.
After hiring a law firm to look into the concerns, the world’s second largest vehicle-maker reportedly said the information provided was “irrelevant,” and the employee “was terminated due to fundamental differences in the way we work together.”
Jamie Akhtar, CEO & co-founder of CyberSmart argued that business of all types should do more to foster an open culture where employees can raise cybersecurity concerns.
“A huge proportion of successful cyber-attacks stem from some form of human error and the best way to counter this is by staff feeling comfortable in raising concerns or asking questions,” he added. “After all, you never know who in your business might spot that something isn’t quite right.”
Outpost24 CSO, Martin Jartelius, said that most firms have a fraud prevention and whistleblower system to root out wrongdoing.
“If a member of a team believes something is a risk, it’s important to investigate and escalate according to your process and making your decision based on the facts,” he added.
Volkswagen does indeed have such a system, having established an internal Together4Integrity program to encourage reporting following a 2015 diesel emissions scandal. That makes it doubly perplexing why the individual was ultimately fired.
More Stories
Friday Squid Blogging: Protecting Cephalopods in Medical Research
From Nature: Cephalopods such as octopuses and squid could soon receive the same legal protection as mice and monkeys do...
Russian Company Offers $20M For Non-NATO Mobile Exploits
Operation Zero will pay $20m for exploits like RCE, LPE and SBX, integral to a full-chain attack Read More
Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads
Malwarebytes said the goal of these tactics is to lure victims into downloading malicious software Read More
Phishing, Smishing Surge Targets US Postal Service
The surge in these attacks has prompted DomainTools to delve into their origins and implications Read More
Three men found guilty of laundering $2.5 million in Target gift card tech support scam
Three Californian residents have been convicted of laundering millions of dollars tricked out of older adults who had fallen victim...
ZeroFont trick makes users think that message has been scanned for threats
Attackers are using the "ZeroFont" technique to manipulate the preview of a message to suggest it had already been scanned...