MoD Data Breach Kept Secret | How To Avoid Large-scale Cyber Attacks

May 14, 2024

Earlier this month it was uncovered by the media that the Ministry of Defence had been hacked, with around 272,000 personnel affected.

That is quite a significant number when you consider that our armed forces are only made up of a total of 180,000 active service personnel, including the army, navy, RAF, and royal marines.

Looking at the scale of the attack, it seems that more or less all of the armed forces were affected, apart from the SAS, who are on a different system for their payroll. The payroll system was the target of the data breach in this case.

The story surfaced earlier this month when the information was leaked to the media, as the government attempted to keep it quiet. 

However, the data breach did not actually occur this month. It happened back in February, but the contractor responsible for the data, SSCL, did not initially disclose details about the data breach and covered it up for several months.

What Happened in the Data Breach Incident?

The recent data breach was particularly significant as it involved the data of more or less all of the Armed Forces personnel currently serving, including their financial details, bank accounts, and names and addresses, which poses a threat in terms of their physical security.

Grant Shapps, the defence minister, refused to comment on what was known about the source of the attack, referring to it simply as a malign actor.

Organisations such as The Guardian newspaper and Sky News have since found out through their sources in Parliament that it was, in fact, a China state-based attack, as had initially been suggested.

Conservative MP Mark Francois suggested that the Foreign Office had something to do with restricting the information on China's involvement, in order to avoid further souring relations.

Grant Shapps would not comment on this, and he refused to answer a specific question on when they found out about the attack, although it has since been revealed that it was first discovered in February.

He did point out, however, that the Ministry of Defence receives millions of cyber attack attempts every day that are unsuccessful due to the cyber security measures deployed.

Shapps also mentioned the proposed 2.5% spending increase on the defence budget, which would help to improve our defensive capabilities, including against cyber threats.

What are the Major Concerns With This Cyber Attack on the Ministry of Defence?

Apart from the attack itself, there are several vulnerabilities that could have been avoided and were mostly caused by human error on the part of SSCL. These will not be looked upon favourably in the upcoming investigation.

One of the major issues with SSCL's handling of the data breach was the time taken to disclose the information about the cyber attack to their customer—in this case, the Government.

As most people in the cyber security industry would recognise, rapid containment of any unauthorised access, data breach or malicious cyber attack is essential in order to mitigate the damage and resolve the problem quickly.

Because the contractor discovered the data breach in February and then waited several months to report it to the Government, whatever malicious action the Chinese intelligence services were looking to take with the data could already have transpired.

Another significant threat is the fact that financial and banking details have been compromised. Targeting those in financial difficulty is a commonly used method by Chinese intelligence services to compromise and recruit foreign agents. 

Among the data compromised by the hackers were the personal addresses of the armed services personnel. This in itself is a serious security concern because, with this information in the hands of Chinese intelligence services, if they wanted to, for example, assassinate all of our top generals and high-ranking officers in the army, they would now most likely know where they all currently reside.

Why is Transparency Important in the Event of a Data Breach?

In the most recent cyber attack, the Ministry of Defence has compounded its problems by failing to properly disclose details about the data breach, which has led to something of a PR disaster for them.

For example, the service personnel affected were not made aware of the data breach by the Ministry of Defence or the government and instead found out through the national media and TV news coverage that a) their details and security were compromised and b) their employer, the Government, already knew about it and had so far neglected to inform them.

Of course, when your own personal safety and financial details have been compromised due to a mistake from your employer, this is never the best way to hear this news.

Because the initial data breach was not reported for several months by the contractor SSCL, the effects of the data breach could be much more severe.

To make matters worse, SSCL are involved with several other government contracts that are not public knowledge and that could also be compromised in a similar way.

Because the Government had not been informed that SSCL had dropped the ball, they even awarded them a £500,000 contract to handle the overall cybersecurity of the Ministry of Defence!

Pending the upcoming investigation into their handling of the cyber attack, this contract could be revoked.

The main worry with these undisclosed contracts is that nobody really knows what they are for or who will be affected by them. For example, if the other contracts that have been deemed too sensitive to disclose to the public include, say, the payrolls of Members of Parliament and police officers, and these are also handled by SSCL, then these groups of people could also be at risk from a similar system that may or may not have been hacked at the same time.

Aside from the issues of lack of transparency from SSCL the contractor, there are several transparency issues from the Government side that have exacerbated matters and led to further distrust and compounding of the issues faced.

Apart from the undisclosed contracts and neglecting to tell the soldiers about the hack in the first place, the Government have also attempted to keep quiet their knowledge that the hack was from a Chinese source but have since had that information leaked to the press—so the whole thing has become a bit of a fiasco.  

When Should You Report a Data Breach Incident in Your Business?

Any organisation that has suffered a significant cyber attack leading to the loss of personal data should be as transparent as possible and report the incident to their customers, the public, and the relevant authorities as soon as it is appropriate to do so, once the threat has been contained and the damage assessed. 

Your cybersecurity service provider can advise on when is the best time to go public about the cyber attack and what steps you should take in the event of a malicious data breach.

How To Avoid Large-scale Data Breaches in Your Business 

There are several steps that a business can take to minimise the risk of a large-scale data breach leading to the loss of customers’ personal data.

These include:

  • Simple things such as regularly changing passwords and having a culture of strong passwords that are not easily guessed by hackers. Many employees still use obvious passwords such as password1, or 1234, and essentially leave the door open for cybercriminals.

  • Frequently checking for vulnerabilities and potential risks with vulnerability management software and infrastructure monitoring.

  • Making sure that all staff members who operate on the system are fully trained in cyber security awareness and what procedure they should follow in the event of a data breach.

 

Managed IT Solutions Providers for Large Businesses

One of the best steps that medium and large customer-facing businesses can take to mitigate the risk from serious cyber crime incidents is to leverage an outsourced service provider for their cybersecurity defences.

Due to the complex and ever-evolving nature of cybercrime, it is often too much for an internal IT department to handle by itself.

For larger customer-facing businesses, the best solution is to have a dedicated service provider who can continually monitor your existing systems and automatically detect any intrusion to your network or unauthorised access of your data. 

How Lyon Tech Can Help Strengthen Your Cybersecurity Posture

If you have concerns over the safety of your customers’ and employees’ data then you are not alone. Like many business owners, you may be worried that your existing system may not be up to scratch when it comes to defending against the most sophisticated state-sponsored hackers and organised crime groups.

At Lyon Tech, we provide a range of solutions to ensure your business has the most robust cybersecurity defences possible. Whether you are looking for live system reporting and threat detection, 24/7 rapid response teams, or cyber awareness training for your staff, at Lyon Tech, we can help you decide which would be the most suitable option for your current setup in your business.
