The Electoral Commission has admitted it failed a cybersecurity test in the same year that hackers successfully attacked the organisation.
The UK’s elections watchdog said it did not pass a Cyber Essentials test, a voluntary government-backed scheme that assesses an organisation’s readiness against cyber-attacks.
The commission said it failed the test in 2021, when it was breached by an unknown assailant.
The organisation revealed last month that it had been a target of a “complex cyber-attack” that resulted in hackers accessing reference copies of the electoral registers, equating to the names and addresses of 40 million people. It said the attack started in August 2021 and was not detected until October 2022.
The commission said it did not pass the test due to two issues unrelated to the hack: an earlier version of Windows software on some laptops and a dated version of staff mobiles. It said those problems were not linked to the attack, which affected the organisation’s email servers.
“We are always working to improve our cybersecurity and systems. We draw on the expertise of the National Cyber Security Centre, as many public bodies do, to continue to develop and progress protections against cyber-threats. We regularly seek guidance and feedback on our systems to deal with the continued risk of cyber-threats as they evolve and take different forms. We welcome these learnings and act on them,” an Electoral Commission spokesperson said.
Source: The Guardian