Ash Patel, country manager for UK & Ireland at Stonesoft comments on the recent hack on Hertfordshire Police’s website,
“The most worrying aspect of this attack is that the hackers only made themselves known once they had have achieved what they set out to. This raises an important question as to what other damage may have been caused and whether any other data was stolen that the force is currently not aware of. Furthermore, the organisation should think about potential Trojans that may have been left as sleepers in the database/network.
“It is becoming very concerning about the sheer number of government/public sector sites that have been compromised recently. This is not sending a positive message to organisations which are looking to do business in the UK. And, in turn, is damaging the reputation of UK PLC.
“Public sector organisations need to understand that, by hosting sites with third parties or outsourcing such important services to system integrators, does not take responsibility away from those who are employed to ensure the security of “our” data. It is time that it was made clear that the responsibility lies with the government and its employees in the same way that the nation’s security lies with the armed forces.
“It is also important to note that Hertfordshire Police’s website was externally hosted and this, as always, highlights that when employing this parties to host sites, the first and most important question that should be asked is with regards to security, after which can come questions around cost and availability. This is even more so the case when the organisations are of public interest.
“Today this may only be a defaced website and a few passwords but tomorrow this could compromise people’s lives.”