MoD Contractor Security Incidents Double in a Year

Cybersecurity incidents at Ministry of Defence (MoD) contractors appear to have doubled over the past year, with email data leaks a particular cause for concern, according to a new report.

Sky News was able to piece together some of the puzzle from Freedom of Information (FoI) requests sent to the ministry for 2020 and 2019.

They relate to the Warning, Advice and Reporting Point (WARP) system, which requires all contractors that process MoD information to report suspected or actual breaches of security policy, procedures or legislation, as well as other hostile activity and incidents on corporate networks.

The report claimed that 2020 saw a record 151 such incidents reported, versus just 75 the year before.

Although much of the detail in the FOI report was redacted, there were apparently “numerous” incidents when sensitive data was emailed to personal inboxes, where it could have been exposed to state-sponsored attackers.

Other incidents included a physical breach to a perimeter fence at an unknown location, misconfigured IT systems and “data sent to unauthorized domain.”

Tim Sadler, CEO of security firm Tessian, argued that remote working has made the problem of data loss prevention even more challenging.

“According to our data, employees send company sensitive information to personal email accounts 38 times more often than their IT and security leaders expect,” he added.

“While it might seem harmless, highly sensitive information in those emails now sits in an environment that is not secured by the company, leaving it vulnerable to cyber-criminals.”

The MoD news comes ahead of the government’s Integrated Review today which promises the biggest shake-up to British defense and security policy in decades.

Number 10 trailed the news on Sunday by revealing that the country’s new offensive National Cyber Force, combining intelligence and defense industry operatives, will be headquartered in the north of England.  

Leave a Reply