Over the weekend a cyber attack was launched on Parliament, compromising the emails of 90 MPs. The goal, the Huffington Post cited Westminster sources as saying, was to “identify weak passwords”.
It was also found by The Times that the passwords and emails of cabinet ministers and senior police officers had been traded by Russian hackers.
This comes after a smaller attempt – fewer than ten MPs were involved – executed before the general election. It similarly tried to get politicians to hand over their password details, but this time via phishing emails.
It seems the National Cyber Security Centre had been right in claiming attacks on parliamentary email addresses would continue into the year – and the centre isn’t alone in that thought. In fact, many believe the attacks are bound to increase.
“It is highly likely such attacks, like the one on UK Parliament, will only become more frequent,” Daren Oliver, IT specialist and managing director at London-based business Fitzrovia IT, likewise told Real Business.
“The data and information available from governmental officials and other similar institutions is obviously extremely sensitive, making it incredibly valuable to cyber criminals.
“The prize for those instigating attacks of this kind presents not only financial reward in exchange for the information, but also a sinister world of possibilities, where in the wrong hands such data could have far-reaching and catastrophic consequences with the potential to severely affect a country’s national security, economy, and political negotiations.”
That hackers have become comfortable with attacking companies and the government alike merely to announce their presence should ring warning bells – especially for SMEs. After all, the Cyber Resilience: How to protect small firms in the digital economy report by the FSB claimed attacks via email were the most common threat facing SMEs, and SMEs make up the majority of UK businesses.
Mimecast founder Peter Bauer famously explained: “Email was never intended to be used in the way it is now. It’s not really kitted out for all of the risks associated with the internet; it was designed for a more trusting environment. And it’s a mistake to think that SMEs don’t present a worthwhile target. By simply setting up a free email address and a LinkedIn account for research, a hacker can go far.”
It’s an issue Oliver also chose to highlight, suggesting that, security-wise, email is one of the weakest forms of online communication. For cyber criminals it is often an easy target when mining for information.
As for passwords, he explained staff needed adequate knowledge of what not to do – and would have to follow through with it.
“In simplistic terms, the usual advice of regularly updating passwords and making sure passwords consist of a combination of at least eight characters that are made up of numbers, letters, and symbols, still applies, but it is down to companies and individuals to make sure these are sufficient enough, being complied with and followed through effectively.
“As data becomes more and more valuable we need to start asking the question whether exchanging highly sensitive and confidential information over email should be reassessed and if the introduction of multi-factor authentication [for example, a combination of password, PIN and fingerprint] should be compulsory for those communicating data of this nature.”
Even the hacked MPs were admonished for their easy passwords: