Our latest round-up of cyber security nibs includes a cyber-attack on the Labour party and Marie Stopes achieving Cyber Essentials Plus Certification.

Marie Stopes celebrates cyber security badge

Marie Stopes UK has announced its achievement of the government-backed Cyber Essentials Plus Certification.

Cyber Essentials is a key part of the UK’s National Cyber Security Programme and helps organisations guard against the most common cyber threats and ensure sensitive data is secure and handled correctly.

The National Cyber Security Centre (NCSC) offers two levels of protection: the Cyber Essentials self-assessment option and Cyber Essentials Plus, which provides a more rigorous verification by an independent Certification Body.

The latter uses simulated hacking and phishing attacks to test a set of five key security controls: boundary firewalls and gateways, secure configuration, access control, malware protection and patch management.

Stephanie Canavan, Marie Stopes UK’s head of information governance and IT systems, said: “We serve tens of thousands of women and men each year and this badge demonstrates our commitment to keeping both them and our team members safe from online threats.

“Good cyber security is an absolute necessity and this certification reflects our determination to ensure we are as resilient as possible to attack and that the sensitive data we are entrusted with is in safe hands.”

ICO faces off against ‘invasive’ biometric tech

The Information Commissioner’s Office (ICO) has demanded a new statutory code to govern the police use of “invasive” facial recognition technology.

The watchdog’s investigation follows the August incident over its use at King’s Cross station, in which it determined the technology was a potential threat to the public’s privacy.

Police forces in the UK have already faced controversy and opposition over the public use of facial recognition, including a court case launched against South Wales Police.

A number of politicians have signed a petition to stop its use, with several trials of the technology being stopped nationwide.

This has highlighted that acceptance is just as important as the maturity of the technology in order to obtain the expected benefits.

Jason Tooley, of biometric authentication firm Veridium, argued that halting facial recognition trials due to public backlash was “a huge step backwards” that put innovation at risk.

“There is increasing concern in the community that regulators such as the ICO will take too much of a heavy-handed approach to regulating the technology, and we must absolutely ensure innovation is not being stifled or stopped,” said Tooley.

“It’s in the public interest for police forces to have access to innovative technology such as biometrics in order to deliver better services and safeguard our streets.”

Labour deflects cyber-attack

The Labour Party has been targeted in a cyber-attack levelled at its website and other digital channels.

Labour said the distributed denial of service (DDoS) attack, a method through which computer servers are barraged with internet traffic in an attempt to overwhelm them, was deflected owing to its “robust” security measures.

It said no data held by the party was compromised as a result.

A Labour source speaking to the BBC said that the attack originated in Russia and Brazil but was not a state-sponsored attack.

The National Cyber Security Centre said the Labour Party followed the “correct procedure” and, given the attack was not successful, the case is now closed.

Brussels publishes new guidance on medical device classification

The European Commission has published new guidance on the classification of software devices as medical devices.

The guidance, published by the EC’s Medical Devices Coordination Group (MDCG), provides clarification to medical software manufacturers on when software is considered a medical device and what risk category it falls into.

This includes software that can directly control a piece of hardware, provide instant decision-triggering information or deliver support for health professionals.

Most software devices are classified as low risk under current rules; however, many will automatically be considered medium or high risk under the new European guidance.