Met should thoroughly investigate cyber security practices, say experts

27 August 2023, 12:24

Scotland Yard said it was made aware of ‘unauthorised access to the IT system of one of its suppliers’.

Metropolitan Police chiefs should carry out a thorough investigation of the force’s cyber security practices following an IT breach, industry experts have said.

Scotland Yard said on Saturday that it had been made aware of “unauthorised access to the IT system of one of its suppliers”.

The company in question had access to names, ranks, photos, vetting levels and pay numbers for officers and staff.

The force is now working with the company to understand if there has been any security breach relating to its data, and was unable to confirm how many personnel might be affected.

Cyber security experts said the possible data breach is “extremely worrying” but unsurprising as cyber attackers frequently target third-party companies.

Jake Moore, global cyber security adviser for software firm ESET, told the PA news agency: “This is another extremely worrying episode of what we seem to be seeing quite a lot of this year.

“It’s just worrying to think these police forces are coming under attack in what I would suggest are relatively simple ways.”

Mr Moore said the current suspected breach appears to have been “a targeted attack to test the security within the supply chain” where criminals were “looking for the weakest link”.

He added: “The Met Police are extremely good at keeping their own data secure, but they do use third parties.

“As they have to use these parties, if they aren’t up to date with their own security then that becomes a weakness that could be targeted.”

Mr Moore suggested that current cyber security systems used by police forces, coupled with a lack of resources, may have led to flaws opening up.

He said: “It’s not impossible to stop this. It’s to do with understanding where all your data is.

“When you amalgamate systems, particularly when police forces join together, they tend not to understand completely where all their data is or who has access to it, and that can cause problems down the line.

“They need to do a complete analysis on who has access, why they have access to their data, and to reduce all of those weak points as best they can.

“It will take time – not necessarily too much money – but it will take resources and people power to mitigate this in the future, and hopefully something like this will shake the boots of all the chiefs around the country to wake up and act faster.”

Kevin Curran, professor of cyber security at Ulster University, agreed that the breach is likely to be down to “a third-party supplier issue”.

He said: “I’m not surprised really – data breaches are such a common occurrence and police are no exception.

“They have the same resources as a lot of other companies, where any data systems which have external access to the internet are a risk.”

Mr Curran said questions need to be asked about why third parties have access to such information, and if the Met has the right data classification methods in place.

He added: “It boils down to resources. Every organisation has to allocate a percentage of their IT budget to cyber security.

“It’s a publicly-funded organisation so there’s only a finite amount of resources you have, but we do have best practices and guidelines in the industry on how to protect the systems, so maybe it comes down to someone conducting an external audit in the aftermath to see whether or not they are following these practices.”

By Press Association
