Industry Reaction: UK Parliament Cyber Attack ‘Was A Matter Of Time’

The British Parliament has spent the weekend battling and recovering from a “sustained and determined” cyber attack that targeted MPs’ email accounts in an apparent attempt to access confidential information.

The House of Commons has been working with the National Cyber Security Centre (NCSC) to investigate the attack, which is yet another example of the power hackers now wield and highlights how no one, not even governments, is safe from cyber criminal activities.

In response to the news, several industry professionals have been speaking to Silicon to offer their thoughts and reactions.

A matter of time

Spencer Young, RVP EMEA at Imperva, believes that, due to the inherent vulnerability of passwords, an attack such as this was an inevitability. “Passwords continue to be an Achilles Heel in the fight against cybercrime as improper user behaviour – such as weak passwords or use of the same password across different sites – continues,” he said.

“What’s disturbing, aside from the doubtless potential for high levels of confidentiality within emails emanating from the House, is that there are simple, effective methods such as two-factor authentication, and TLS Client Authentication which have been shown to be extremely secure, yet usability issues have hampered adoption.

“This is an outcome of a continual lack of understanding and investment from Government in security strategies that enterprise Britain adopts as standard operating procedures. This attack was unfortunately always a matter of time.”

This point was further emphasised by Andrew Clarke, UK Director at One Identity, who also highlighted the various technologies that are essential in combating such attacks: “The key problem is that many of the passwords that have been exposed through external social media sites are the same passwords used for everyday duties.

“One way in which government organisations can overcome the password reuse issue is by introducing Multi-factor Authentication (MFA). If passwords need to be used, then a Password Manager tool would help on a number of fronts. Firstly, it would help re-enforce organisational policies and data security standards and if a password is tried unsuccessfully then the system access is actually locked out.

“Associated with such a tool is a series of profile questions that empower the user to reset their own passwords by asking personalised questions to which the user has predetermined the answers. By taking this step to implement this type of control they are even able to realise a return-on-investment very quickly as it is simple to set up and simple to use – and, as well as improving security, cuts down on administrative overhead.”

Clarke also praised Parliament’s IT team for its proactive response in closing down access to the email system straight away, enabling them to reduce the risk and investigate the breach further.

Neil Larkins, co-founder and COO of Egress Software Technologies, offered similar advice: “There are technical measures that could have been put in place to stop this attack, or reduce the risk of human error. For example, access can be restricted to known IP addresses, which would mean that anyone on an unknown external device trying to get access – even with the correct password – would be denied in the first instance.

“Furthermore, as many MPs have highlighted, the real risk of this attack was that constituents’ emails could be accessed, or that email content could leave MPs vulnerable to blackmail. If, however, the government had implemented message-level encryption, sensitive content would be secured and would require a separate access control.”


Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
