The Electoral Commission hack: how can we foresee and combat cyberattacks?

The Electoral Commission hack: how can we foresee and combat cyberattacks?

By Chris Dimitriadis,Global Chief Strategy Officer at ISACA

Cyberattacks are scary for many reasons, but one of the most worrying reasons is that they are rarely visible – which is exactly happened with the Electoral Commission hack. For over 14 months, the Electoral Commission was being hacked without anybody noticing.

The hack accessed the data of 40 million voters. To put this into perspective, it left the names and addresses of all voters registered between 2014 and 2022 vulnerable. While such data is not considered high-risk by themselves, it may be combined with other datasets to profile individuals and analyse their behaviours. This type of attack isn’t rare, which is why we need to get better at spotting the warning signs of a hack. The question is – how can we do this?

Prioritise cybersecurity

Cybersecurity needs to be prioritised and taken seriously. While it might seem obvious, businesses need to be prepared and invest in protecting against cybercrime. Some C-Suite decision makers may be reluctant to invest in cybersecurity because the results aren’t tied to the broader business objectives. However, it’s worthwhile to do so – if not, organisations leave themselves open to attacks that they don’t have the infrastructure to deal with.

Employees need to at least be aware of the risks of the digital workplace – technology, the internet, and data sharing – and take the appropriate precautions to protect themselves and the wider business. Everyone is responsible for protecting against bad actors – not just the cybersecurity or IT departments.

Bring in the experts

Whilst it is integral that all staff members have an awareness and basic understanding of cybersecurity, every business still needs skilled cyber professionals. But this is easier said than done as half of all UK businesses are suffering from a basic cybersecurity skills gap.

It’s imperative for the industry to close that gap, so businesses should look to upskill their current staff or consider hiring people who are already qualified in cyber. Schemes like the Upskill in Cyber programme from the UK government are helping to deal with this problem, encouraging anyone to sign up, including those that don’t have any prior experience in the industry. As well as this, ISACA is providing 20,000 free memberships to students in Europe to increase the number of networked cybersecurity professionals and to provide member-free resources to professionals to increase their knowledge and preparedness.

Employing people with cyber skills or providing current employees with holistic cybersecurity training will enable businesses to plan, budget and execute towards spotting and stopping attacks in their tracks. If we don’t have these vital people working to protect businesses, they risk damaging digital trust beyond repair.

Establish digital trust

ISACA defines digital trust as the confidence in the relationship between providers and consumers within an associated digital ecosystem. It’s essential for any business to succeed, protect their reputation and boost their economic growth as exchanges and transactions are more likely to happen when customers trust a business.

ISACA’s research into the state of digital trust revealed that 92% of European business and IT professionals say digital trust is important to their organisation, and nearly half suggested that a lack of staff skills and training was the biggest barrier to obtaining digital trust. However, despite its importance, it’s not being prioritised – of those surveyed, one in three do not measure their digital trust practises at all.

Fundamentally, a combination of buy-in at board level on cybersecurity, a skilled and trained workforce, and a high level of digital trust will put businesses in the strongest position to ward

off threats and hackers. This way, incidents should be more preventable, and dealing with the aftermath of a cyberattack will be easier and quicker by identifying the threat sooner. As a direct result of cybersecurity being taken more seriously, customer trust will grow, and businesses will thrive.