Experts respond to UK Ministry of Defence cyberbreach

Experts respond to UK Ministry of Defence cyberbreach

The UK Ministry of Defence has become a victim of a cyberbreach which has affected the armed forces payroll system.

A culprit has not yet been identified for the attack, which is believed to have involved the compromise of personal information of UK military personnel, but most commentators are pointing their suspicions at China. 

Tim West, Director, Threat Intelligence and Outreach at WithSecure, said: “The breach of highly sensitive data from the Ministry of Defence raises significant concerns. Government departments are a prime target of cyberthreats every single day. Cybercriminals also know that government data is only as secure as the weakest third-party network that it is processed upon, and this is why they are targeted.

“There are obvious reasons why the Ministry of Defence is an extremely attractive target to any adversarial nation state. The intelligence value of who, how much and when the UK military makes payments should be fairly clear, particularly as this breach comes at a time where Rishi Sunak has recently pledged a significant increase of defence spending to 2.5%.

“This being said, we also do not yet know the details of this hack and, why the finger is being pointed at Chinese (seemingly specifically state sponsored and not criminal) intrusion sets.

“The attack is a good reminder to all public bodies about the importance of securing the entire supply chain. Organisations should look to implement regular risk assessments, implement advanced security measures and foster a strong cybersecurity culture.”

Jake Moore, Global Cybersecurity Advisor, ESET, said: “Protecting our digital landscape is just as critical as safeguarding the physical realm and this latest data breach highlights yet again the importance for increased investment in defence and security measures.

“Cybersecurity standards are vital in government organisations but they don’t always operate in the way they are designed. A framework is often laid out as a gold standard but in reality corners are cut. Cybercriminals will attack all links in the chain looking for the weakest link and if this involves a small external company, this firm will require the same security as the government organisation in question.

“Many businesses in the government’s supply chains will handle extremely sensitive data but it is imperative that they are checked not only in terms of vetting but in terms of continual security protocols as well. When dealing with this level of sensitive information which could potentially cause a huge knock-on effect, it is vital that they are protected to the highest possible standard.”

Martin Greenfield, CEO of leading cybersecurity controls monitoring platform Quod Orbis, said: “This data breach affecting the personal information of the UK military personnel is the latest in a slew of attacks that further demonstrates the growing threat of cyberattacks targeting nationally sensitive data.

“The public sector has long been a prime target for cybercriminals, as evidenced by previous attacks on the NHS just last month. With over half of all organisations having experienced some form of cybersecurity breach or attack in the last year, there is a significant challenge faced by UK organisations in securing their systems.

“What we see time and again is that the challenge is exacerbated by the presence of silos in cybersecurity monitoring, which can lead to gaps in threat detection and response. When different departments or systems operate in isolation, it becomes more difficult to identify and mitigate potential vulnerabilities, leaving organisations more susceptible to attacks.

“In this context, the breach of personal information could lead to further targeted attacks, both in the digital and physical realm. When we consider the on-going tensions in Ukraine and Israel, such attacks pose a wider risk to MoD operations in the area.

“As investigations into this breach unfolds, it’s clear that the UK’s cybersecurity posture needs to evolve to meet the growing threat landscape. This will require a concerted effort to break down silos and foster greater collaboration between departments, agencies and the private sector.

“Organisations must create a more cohesive and integrated approach to cybersecurity where information is shared freely and teams work together to identify and respond to threats.”

Adam Pilton, Cyber Security Consultant at CyberSmart, said: “Although I understand why people are speculating on who is responsible for this attack, and why they may believe it could be China, this is a distraction.

“The real issue is that an external contractor has been breached. How was the contractor breached? Did they have security controls in place?

“In October 2023 the Government published a Procurement Policy Note which applies to all Central Government Departments which stated ‘In-scope organisations must ensure that effective and proportionate cybersecurity controls are applied to contracts to mitigate supply chain risks.’  Were effective and proportionate cybersecurity controls in place?

“It’s vitally important that security is in place, and we must take responsibility for this. We must understand how this breach happened so that we can promptly relay this information and if applicable, update security guidance.

“Our immediate focus should not be on blame, but on gathering information and broadcasting this so that we can protect further potential victims.”

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive