The UK’s Electoral Commission faced significant cybersecurity shortcomings just before a cyberattack that allowed hackers to access voter registers containing personal details. A BBC report highlighted that the commission automatically failed a Cyber Essentials audit, a certification against cybersecurity standards set by the UK government, and has yet to pass it.
Introduced in 2014, the Cyber Essentials scheme offers two certification levels: basic Cyber Essentials and Cyber Essentials Plus. To bid for government contracts involving sensitive and personal data, suppliers must possess a valid Cyber Essentials certificate. The Electoral Commission’s 2021 attempt at certification was unsuccessful in several areas. Notably, around 200 staff laptops operated outdated and potentially insecure software. Additionally, auditors flagged the use of old iPhones, no longer receiving security updates from Apple. While the Commission acknowledged these shortcomings, they asserted that these were not connected to the cyberattack affecting their email servers.
The Commission opted not to apply for Cyber Essentials in 2022. They emphasized their ongoing efforts to bolster cybersecurity, leaning on the expertise of the National Cyber Security Centre.
In a concerning revelation last month, the commission disclosed that “hostile actors” had accessed its emails and possibly the data of 40 million voters. Intruders first breached the electoral registers and email system in August 2021. However, the commission only detected the breach in October 2022, noticing unusual log-in requests. The exact identity of the attackers and the breach’s specifics remain undisclosed. The accessed data likely encompassed names, addresses, email details, and other personal information stored on electoral registers or communicated via email.
Source: Csoonline
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.