Electoral Commission Hack ‘Extremely Concerning’, Says Cyber Security Expert .

Data & Security



Doug Lucktaylor, head of information security at cyber security and data protection consultancy CSS Assure, said: “The cyber attack on the Electoral Commission remaining undetected for over a year – allowing hackers to freely lurk within its systems – is extremely concerning.

“Elections are the cornerstone of democracy and the infiltration of such processes is a threat that must be addressed. With an annual registration of 40 million people, the significance of safeguarding this information and, ultimately, the integrity of the electoral system, cannot be overstated.
“Not all cyber attacks are glaringly obvious; the most successful breaches are the ones that go unnoticed. This attack underscores the necessity for all institutions to proactively monitor their networks and systems. Maintaining a constant awareness of who has access and their activities within their systems is imperative to preventing and mitigating such breaches.
“While the data contained in electoral registers is limited, individuals should still remain vigilant. Cyber criminals have the ability to combine breached data with other publicly-available information to create comprehensive profiles and pull off effective social engineering attacks.”

What is a cyber attack?

A cyber attack refers to a deliberate and malicious attempt to compromise, disrupt, or gain unauthorized access to computer systems, networks, devices, or data, often with the intent to steal, manipulate, or damage information. These attacks can take various forms and can target individuals, organizations, or even entire nations. Cyber attacks can have serious consequences, including financial loss, data breaches, operational disruption, and compromised privacy.

How do you prevent a cyber attack?

Preventing cyber attacks requires a combination of technical measures, best practices, and user awareness. While it’s impossible to eliminate all risks entirely, following these steps can significantly reduce the likelihood and impact of a cyber attack:

  • Use strong and unique passwords, enable multi-factor authentication (MFA), and regularly update software.
  • Install antivirus and antimalware software, implement firewalls, and secure networks.
  • Back up data regularly and educate users about cybersecurity best practices.
  • Grant least privilege access, secure physical access, and ensure web application security.
  • Conduct security audits, develop an incident response plan, and ensure vendor security.
  • Stay informed about cybersecurity threats and trends.

Taking these measures helps protect against cyber attacks and minimizes potential risks.

Who are CSS Assure?

CSS Assure is a global network of consultants dedicated to simplifying cyber security and data protection, with the goal of making businesses hard to hack – from building a team’s resilience to helping with regulatory compliance.
Established in 2017 by co-founders Mike Wills and Charlotte Riley, the team is a unique blend of ex-military leaders with a combination of experience and expertise, cool headedness, strategic vision and precision-thinking that is unrivalled when it comes to protecting clients, their businesses, their data and their futures.
Part of legal and professional services group Ampa, CSS Assure is a certified B Corporation, meaning it has been verified by B Lab to meet high standards of social and environmental performance, transparency, and accountability.
The consultancy has been listed in Best Companies 2022 as one of the top 100 best large companies to work for in the UK. It also ranked as a top 75 East Midlands company, top 75 West Midlands company, and top 50 large London company to work for.

Published: 18th August 2023
Area: Cyber Security Solutions