UK’s MoD Exposed in 37 Security Breaches: Report
The UK’s Ministry of Defence (MoD) appears to have exposed highly sensitive data and systems to the risk of compromise after reports revealed 37 breaches of security protocol last year.
The heavily redacted reports don’t indicate whether the security breaches led to sensitive military information falling into enemy hands, but their scale should be alarming.
The cybersecurity slip-ups include sending sensitive information unprotected over the internet — where it could potentially have been intercepted by cyber-spies.
Peripherals were connected to ministry networks without checking first for malware, and phones and laptops were taken overseas where they were apparently at risk of malware infection or interception of communications.
In some cases, devices, documents and even rooms were left unsecured, raising the prospect that unauthorized third parties could access them, according to Sky News.
A statement sent from the ministry argued that disclosing more info could increase the risk of a cyber-attack against it.
“The MoD takes the security of its personnel and establishments very seriously but we do not comment on specific security arrangements or procedures,” it added.
The UK’s MoD is not the only defense department to have been found wanting when it comes to cybersecurity recently.
Reports emerged over the weekend that as many as 30,000 Pentagon staff may have had their personal and financial data stolen via a third-party contractor.
Even more concerning, a Government Accountability Office (GAO) report recently found critical vulnerabilities in nearly all US weapons systems under development.
Eset cybersecurity expert, Jake Moore, argued that the number of security breaches recorded by the MoD is concerning.
“Human error still occurs and this report simply echoes that you can have endless computing power and other unmanned mitigation techniques in place, yet the human firewall can still easily be a target and let these attacks in,” he added. “Such prevention techniques as robust and effective staff training will no doubt reduce the number of reported attacks on the MoD.”
Source: Information Security Magazine