HMRC cybersecurity investment misses the point
HMRC is investing heavily in cybersecurity resources, skills and training – but its investment is focused on its own staff and not where the real problem lies: with us.
Replies (5)
For an organisation of that size (66,000 people work there) those staff training numbers are minuscule.
And "nine enrolled in an ‘introduction to Cyber Security’ course (this accounted for the bulk of the training budget)" also shows us that, again, relative to their size they are putting basically no meaningful resources into security.
£262K for an organisation the size and complexity of HMRC? They must spend more on coffee and biscuits than that!
The scammers don't just do HMRC and taxpayers. The reason why they have had more success with HMRC is that people are more afraid of authority and tend to do what they say.
Is our technology in this country so poor that we can't find out who the scammers are and do something about it? The answer has to be banks as they are normally the ones where the money magically disappears in.
Although I've heard of a new one to do with Government grants whereby you go down to Asda and buy a voucher, scratch off the number and phone it through to the scammer so you can claim your grant that doesn't need to be repaid.
Despite the title (with which I agree), the article also misses the point (or rather several of them)!
The mistakes supposedly tackled via this 'investment' are like awareness training, which might be a first step but is hardly going to change the near-daily breach of guidelines by more junior staff (and not just in HMRC) that percolate through to the systems encountered by the public.
Due to its non-ministry status, there is no real oversight of HMRC and very little evidence of effective governance (particularly regarding all aspects of its interaction with the public).
I've no idea of its budget or processes for 'dealing with phishing scams', but I've yet to see evidence over the last 10 years when using their report-a-scam email address of it ever leading to any action.
In the meantime, as ignored by the article, the vast majority of these scams are not aimed at diverting funds being paid to HMRC, but to identity theft ... and this will only increase if HMRC insist on introducing (with little advance warning and no thought for security) policies that require individuals to send copies of their passport and other docs to an anonymous Dropbox, whilst warning them they have only days to comply. This might just as well have been copied out straight from the bad guys' handbook!