The Important Lesson Learned from the U.K. Parliament Cyberattack
Parliament’s computer network was recently targeted by a brute-force attack. Weak password requirements allowed hackers to gain access to 90 of Parliament’s 650 members’ email accounts. Although IT staff or third-party cyber firms can implement strong cyber-security regulations, the members of the House of Commons, or the employees at any company, are typically the source of a breach. Without knowing it, Members of Parliament created threats for themselves that went undetected until it was too late. To minimize the damage or any attempt at blackmail, officials temporarily locked members out of their email accounts.
Henry Smith, from Parliament, tweeted “Sorry, no parliamentary email access today – we’re under cyber-attack from Kim Jong-un, Putin or a kid in his mom’s basement or something.” The immediate consensus was that the hacking was state-sponsored. Russia and North Korea have sponsored attacks previously, so the notion wouldn’t be too far off.
In the midst of all this, weak password criteria were the root of the breach. Implementing password criteria that go beyond requiring one capital letter (which will typically be the first letter) and one special character (which will usually be an exclamation point) will minimize the risk of exposing a network. Two-factor authentication and dark web monitoring are also important steps to govern credential loss, especially when done proactively.
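An added example, not from the original article: a Python check showing how a password can satisfy the one-capital, one-special-character rule described above while still following the predictable pattern. The length thresholds, the small word list and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample word list; a real deployment would load a large
# breached-password list instead (assumption, not from the article).
COMMON_BASE_WORDS = {"password", "welcome", "parliament", "summer", "london"}
MIN_LENGTH = 12  # assumed threshold for this example


def naive_policy_ok(pw):
    """The weak rule the article criticises: one capital, one special character."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(not c.isalnum() for c in pw))


def predictable_findings(pw):
    """Return reasons a password is weak even if it passes naive_policy_ok."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    # Capital letter used only where everyone puts it: the first character.
    if [i for i, c in enumerate(pw) if c.isupper()] == [0]:
        findings.append("capital_only_first_letter")
    # Special characters that are nothing but trailing exclamation points.
    specials = [i for i, c in enumerate(pw) if not c.isalnum()]
    if (specials and all(pw[i] == "!" for i in specials)
            and specials[0] >= len(pw.rstrip("!"))):
        findings.append("special_only_trailing_exclamation")
    # Strip trailing digits/symbols and lowercase to expose the base word.
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    if base in COMMON_BASE_WORDS:
        findings.append("common_base_word")
    return findings


def audit(candidates):
    """Map each password that passes the naive rule to its findings."""
    return {pw: predictable_findings(pw)
            for pw in candidates if naive_policy_ok(pw)}


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, found in audit(["Password1!", "Summer2017!",
                            "correct-horse-Battery-staple"]).items():
        print(pw, "->", found or "no predictable pattern found")
```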
An official cautioned that “cyber threats to the UK come from criminals, terrorists, hacktivists as well as nation states.” When hacked, credentials end up on the dark web. What happens from there is unknown, especially if people are unaware that they have now been targeted. In this case, the members were notified quickly. If this happened to your business, how soon would you know your credentials were for sale on the dark web? Or would you?