Securing the General Election

04 June 2024

On 6 May, it was reported that the details of 270,000 service personnel working for the UK Ministry of Defence (MOD) had been accessed as part of an operation targeting a contractor responsible for managing the MOD’s payroll system.

“The armed forces personal data that was accessed is extra valuable because they will be highly security cleared individuals which means the data can be used for blackmail/extortion purposes,” warns Patrick Wragg, head of incident response, Integrity360. “The system that was breached being managed by an external contractor highlights the need for extra levels of security when dealing with third-parties.”

Indeed, the breach highlights the critical issue of supply chain security. However, the presence of third-party contractors and vendors in the supply chain of large and complex organisations like the MOD is almost inevitable, which makes it challenging to always ensure security. Having multiple parties in the supply chain increases the potential points of vulnerability, requiring comprehensive security measures and practices to mitigate risks effectively.

“Earlier this year, a government report highlighted the risk of legacy IT systems to government departments, with 11 out of 42 ‘critical’ systems operating within the MOD,” says Mark Jow, EMEA technical evangelist, Gigamon. “Now more than ever, the institutions behind national stability and security must be as robustly defended as possible, without room for security blind spots. This includes securing supply chains to prevent these attacks.”

When it comes to data protection, organisations must identify their most sensitive data assets, those that require the highest level of protection, and implement appropriate security measures to safeguard them effectively. This is especially important in the run-up to the UK’s 4 July General Election, in a context marked by global election manipulation, fraud and cyber-threats.

“The (MOD) breach reiterates a key security lesson for the public sector: cyber-attacks can have far more malicious intentions than just the threat actor’s financial gain,” explains Mark Jow, EMEA technical evangelist, Gigamon. “Failure to secure and defend critical data is no longer acceptable. Perhaps this latest breach will show that now is the time to implement comprehensive, robust, and punitive legislation, ensuring all commercial and public organisations finally take cyber protection seriously.”

Cybersecurity must become a core priority as hostile state actors continue to ramp up their attacks on key ministerial departments that are central to modern society, agrees Kev Eley, VP sales UKI & Europe, LogRhythm: “Staying ahead of threat actors requires governments to adopt a proactive cybersecurity approach that encompasses employee training and regular cybersecurity assessments, including third-party services. Deploying an advanced security solution to monitor and identify anomalous network activity also provides another crucial layer of defense against ever-evolving attacks.”

“The current geopolitical situation is likely to lead to an escalation of this kind of activity, and we should expect to see similar events in the months ahead,” adds Paolo Passeri, cyber intelligence principal, Netskope. “For the UK public sector, which is already struggling with legacy IT debt, this is an important reminder that a comprehensive zero trust approach is vital, and that it must necessarily include the supply chain in the process if it is to be effective.”