Recovered classified records from the Ministry of Defence (MoD) have revealed the severity and impact of security breaches across Britain from international cyber criminals in the span of a year.
The heavily-redacted papers show that there had been an increase in the number of hacks which allowed defence secrets to be exposed between 2017 and 2018. Consequently, the UK has faced nationwide cyber risks on numerous occasions.
Thirty-seven incidents of security breaches were recorded for the whole of last year, in which the MoD and its subsidiaries were found to have been unsuccessful in protecting the country from having its military and defence information stolen.
Similarly, in just between January and October this year, 34 incidents had been documented, in comparison to 33 in the same time period in 2017. However, the gravity of the breaches appears to be more this year, as the 2018 reports are more severely redacted in comparison to those of 2017.
Security breaches have resulted from data being left unprotected or insufficiently guarded by IT protocols, or due to the lack of routine testing to spot malicious software on computers from foreign surveyors.
The withdrawn information in the reports of critical incidents are believed to have the potential to destroy national security if they are publicly acknowledged. In addition to this, the redacted data hides the outcomes of the incidents, even if the end result was that information was taken by hostile countries like Russia and China.
A statement released by the MoD said: “[Publicly acknowledging the details of a security breach would] provide potential adversaries with valuable intelligence on the MoD’s and our industry partners’ ability to identify incidents and react to trends.
“Disclosure of the information would be likely to increase the risk of a cyber-attack against IT capability, computer networks and communication devices.”
It is mandatory that businesses that operate within or alongside the defence ministry report any cybersecurity breaches to the Information Commissioner’s Office – the country’s data regulator. In a similar fashion, publicly listed companies inform the Financial Conduct Authority about any security breaches, regardless of whether any data is lost or not.
A spokesperson from the MoD commented: “The MoD takes the security of its personnel, systems and establishments very seriously, but we do not comment on specific security arrangements or procedures.”
With reference to the rising number of cyber threats, the head of the National Cyber Security Centre, Ciaran Martin, has noted that it is a case of “when” and not “if” the country will be faced with another category-one attack, and has said that more preventive measures should be taken to limit the consequences.
See the original article here: Cybersecuritynews.co.uk