UK police cyberattack a reminder of third party risk

The Metropolitan Police Force remains on high alert following a security breach involving the IT system of one of its suppliers.
Cyber criminals use a back-door supplier cyberattack to spread alarm through Britain's biggest police force

News that the UK’s largest regional police force, the Metropolitan Police, has been the subject of a supply chain cyber attack is yet another reminder to organisations that third-party vendors remain a huge area of cyber vulnerability.

Known as ‘The Met’, the force employs 35,000 police and civilian staff, and remains on high alert following a security breach involving the IT system of one of its suppliers.

The vendor in question has access to names, ranks, photos, vetting levels and pay numbers for officers and staff, but not personal information such as addresses, phone numbers and financial details, a Met spokesperson said.

The spokesperson was unable to say when the breach occurred or how many personnel could be affected.

Rick Prior, Vice Chair of the Metropolitan Police Federation, which represents staff, said: “Officers are out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.

“To have their personal details potentially leaked into the public domain will cause incredible concern and anger. This is a staggering security breach that should never have happened.”

Staggering, but all too common.

Back-door cyber attacks all too common

Another notable recent back-door incident was the MOVEit cyberattack, which saw a ransomware gang hack into multiple company networks and steal data. The vulnerability was first flagged by MOVEit on May 31. The company deployed a patch to fix the vulnerability on the same day.

MOVEit is a managed file transfer software service that encrypts files and uses secure File Transfer Protocols to transfer data. It also provides automation services, analytics and failover options.

Organisations to have suffered data breaches as a result of the hack include accounting firm PwC, professional services company Aon, the BBC, British Airways, Aer Lingus, Boots, Shell, Siemens Energy, Schneider Electric, UCLA, Sony, EY, Cognizant and AbbVie. MOVEit was used by most of these companies to transfer payroll information, which means data taken by the Russian hackers has the potential to impact millions of people.

Supply chains provide a huge surface area for cyber criminals to target, because they often comprise thousands of vendors, many of which might be vulnerable to cyber attacks. 

As with The Met and MOVEit, hackers often target such vendors as a means of gaining access into a larger company – the so-called back-door attack.

Suppliers often entry point for malware & ransomware

Supply vendors are often the entry point for malware, ransomware or denial of service attacks, which then work their way upstream or downstream to the larger organisation itself.

In the event that a supplier or third party is subject to a cyberattack that means they are unable to deliver key products or services, this can become a big problem very quickly and may impact business continuity. 

Internally, the biggest cyber threats come from suppliers or other third parties who have access to an organisation's IT networks. 

Externally, the biggest threat is from third-party organisations who perform a critical business process or deliver a key product to the first party. 
