Security concerns have been raised after it was discovered that 316 electronic devices have been lost by top Government officials.
The devices vanished from the Prime Minister’s Office, the Privy Council, the Equalities HQ and the offices of the leaders of the House of Commons and the House of Lords.
In 2018, 89 electronic items went missing, rising to 163 in 2019. And despite COVID-19, a further 64 items have been lost this year, according to figures released under Freedom of Information (FOI) legislation to the Parliament Street think tank.
“With an increasingly remote workforce due to the COVID-19 outbreak, it’s absolutely essential that government departments take the necessary steps to ensure all devices are correctly secured,” said Stav Pischits, CEO of Cynance, a division of Transputec.
“Even though these devices were encrypted, hackers can find new ways to break through systems to access confidential files, which could be lethal in thew wrong hands. So, ensuring robust encryption and cyber security measures at all times is essential.”
Sticky-note passwords
However, Ed Williams, director EMEA, SpiderLabs at Trustwave points to situations where usernames, passwords and PINs are included in laptop bags or stuck to the back of mobile devices.
“We have also seen situations where full disk encryption (FDE) can be bypassed, so this shouldn’t be the only security solution implemented. It’s important to consider as many threat models as possible, the instance of bypassing FDE should be at the top of the list when designing a security implementation for mobile devices.
“Furthermore, if you’re wondering whether others being able to access data on your lost device matters or not, the answer is both yes and no. Malicious actors may be after data, or they may be able to leverage usernames and password from the devices to gain further access where more valuable data can be found.
Weakest link
Lost devices have been an issue in Whitehall for years. A portable computer went missing in 2000 when an MI6 official visited a tapas bar. In 2007, the Government said it had lost the data of 25 million people after computer discs vanished.
And in 2017, a USB stick with details of the Queen’s security and Heathrow was found by a member of the public.
“The COVID-19 outbreak has led to a sharp rise in phishing scams, with fraudsters impersonating banks in order to extract personal financial details of victims, many of whom are under extreme financial pressure,” said Andy Harcup, VP, Absolute Software.
“Failure to identify and block these kinds of attacks could lead to severe data breaches for businesses, particularly if the recipient of the request hands over usernames and passwords to the company account. With millions of people now working from home for the foreseeable future, often using personal phones and newly purchased laptops, the threat posed by hackers is higher than ever.
Said Pischits: “For hackers there is always a way in. They will always look for the weakest link in the chain and exploit it. If the door is closed, they will look to get through a window, or to create a new door. It’s not a question of ‘if’ but ‘when’…As we all know, information stored on government staff’s devices is always a highly lucrative target for Hackers.”
