Building resilience by improving cyber security, published by the Business Continuity Institute during Business Continuity Awareness Week, revealed that users are often choosing weak passwords and so leaving their IT networks vulnerable, and this vulnerability has now been realised at the UK Houses of Parliament. Over the weekend, Parliament experienced what was described as a sustained and determined cyber attack that forced remote access to be restricted for Members of both Houses, as well as their aides.
A senior spokesperson for Parliament commented: "We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre. Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network."
It was reported that the attack, which began last Friday, was specifically trying to identify weak passwords and gain access to users' email accounts. Ultimately this was successful with less than 1% of accounts, but this still amounts to about 90 people, and potentially results in sensitive data being exposed.
International Trade Secretary Liam Fox said: "We have seen reports in the last few days of even cabinet ministers' passwords being for sale online. We know that our public services are attacked so it is not at all surprising that there should be an attempt to hack into parliamentary emails. And it's a warning to everybody, whether they are in Parliament or elsewhere, that they need to do everything possible to maintain their own cyber security."
While the restriction of remote access seems to have abruptly and effectively ended the attack, it left many Parliamentarians and their staff without access to their emails over the weekend, a time when many of them attempt to catch up with constituency work.
The report published by the BCI highlighted several ways in which users can take responsibility for helping to improve cyber security, and this included the use of strong passwords that cannot easily be hacked or guessed. By doing so it means that everyone can play their part in building a resilient organization.