A recent study finds that one quarter of law enforcement websites based in the UK have a weak connection and could be prone to hacker interception.
What's Caused these Insecurities?
The most recent claims suggest that it is not entirely the fault of the police themselves. So called "upgrades" to police department websites have resulted in greater vulnerability for users. Only 27 percent of the 71 sites that were tested had the "world standard" of security, several sites were supposed to go further than this level of security but ended up with an even weaker infrastructure. The Metropolitan Police alone spent around £110 million on just one IT supplier from 2014 to 2015. Besides this massive budget and insentive to create strong security within their customer's website, the supplier was only able to obtain a Cyber Security Grade of a C. A Cyber Security C grade is the same as the the rest of the UK overall. This means that the police and criminal databases could be accessed as easily as any other website besed around the country.
Most attacks that target these low security websites would likley be "Man in the middle" attacks. These kinds of attacks are designed to intercept and copy data mid-transmission. This could lead to massive amounts of criminal and personal data being stolen. The vunerability also gives way for an increased crime rate as hackers could find out what evidence police forces have and haven't got at their disposal.
Many police forces tried to eliminate this threat from hackers by "upgrading" their websites. Cheshire Constabulary scored a similar C grade in July 2016 but then sought to upgrade with a IT supplier only to find that their grade went down to a Cyber Security grade of F. Making them vunerable to several "Man in the middle" attacks such as the outdated "POODLE" attacks. Other Constabularies with a lower budget actually performed better on the security tests. Dorset, Durham and Warwickshire were all awarded the top A grade.
Does this mean that less is more when investing in website security? Or did police forces just choose the wrong IT supplier?
Source Articles: One-quarter of UK police websites lack a secure connection
Enjoy the blog post? Then you would love our newsletter! Sign up here Signup and get a free Office 365 pitfall PDF guide
Call us on: 01865 988 217