Forensic Control

The Electoral Commission hack: Cyber Essentials could have prevented it

As news breaks that the Electoral Commission failed Cyber Essentials, we ask: could the hack have been prevented if it had passed?

Cyber security is not something you can afford to ignore. Cyber attacks can cause serious damage to your reputation, finances, and operations. They can also expose your sensitive data to malicious actors who may use it for fraud, identity theft, or espionage.

A recent example of a cyber attack that affected a public organisation is the Electoral Commission hack. The Electoral Commission is the independent body that oversees elections and referendums in the UK. On 6 April 2023, it announced that it had been the victim of a “sophisticated and malicious” cyber attack that compromised some of its systems and data.

The Electoral Commission said that it had reported the incident to the National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO), and that it was working with them to investigate the breach and mitigate its impact. It also said that it had taken steps to secure its systems and prevent further attacks.

The Electoral Commission did not reveal the details of the attack, such as who was behind it, what the motive was, or what data was affected. However, it said that it had no evidence that the attack had any impact on the integrity of the elections or referendums that it oversees. A whistleblower has since come forward to reveal that, in the same month as the hack, the commission had failed to achieve Cyber Essentials.

This incident shows how important it is for organisations of all sizes and sectors to have robust cyber security measures in place. One of the best ways to do that is to get certified by the Cyber Essentials scheme.

What is Cyber Essentials?

Cyber Essentials is a government-backed, industry-supported scheme that helps organisations of all sizes and sectors improve their cyber security. It sets out five basic technical controls that you should have in place to prevent most cyber attacks:

  • Secure your internet connection with a firewall
  • Secure your devices and software with appropriate settings and updates
  • Control who has access to your data and services with user accounts and passwords
  • Protect yourself from viruses and malware with anti-virus software
  • Protect your data from theft or loss with backups

By implementing these controls, you can reduce your vulnerability to cyber threats and demonstrate your commitment to cyber security to your customers, suppliers, and regulators.

What is Cyber Essentials Plus?

Cyber Essentials Plus is a higher level of certification that requires an independent assessment of your cyber security by an accredited body. It verifies that you have implemented the five technical controls correctly and effectively, and that they can withstand simulated cyber attacks.

Cyber Essentials Plus gives you a higher level of assurance and confidence in your cyber security, as well as a competitive edge in the market. It also helps you comply with some regulatory requirements, such as the General Data Protection Regulation (GDPR) and the Network and Information Systems Regulations (NIS).

Why choose Forensic Control?

Forensic Control is a boutique cyber security company based in London, UK. We offer consultancy and certification for Cyber Essentials and Cyber Essentials Plus. We have helped hundreds of organisations of all types and sizes achieve cyber security excellence.

We believe in making cyber security simple and accessible. We help you understand the risks and benefits of cyber security, and guide you through the process of getting certified. We can also provide ongoing support and advice to help you maintain your cyber security standards.

Our team of experienced and qualified cyber security experts deliver high-quality service at affordable prices and tailor it to suit your needs and preferences.

If you are interested in getting certified by Cyber Essentials or Cyber Essentials Plus, or if you want to learn more about our services, please contact us today.

We look forward to hearing from you soon.
