UK police cyberattack stark reminder of vendor vulnerability

Share
The Metropolitan Police Force remains on high alert following a security breach involving the IT system of one of its suppliers.
Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

News that the UK’s largest regional police force, the Metropolitan Police, has been the subject of a supply chain cyber attack is yet another reminder to organisations that third-party vendors remain a huge area of cyber vulnerability.

Know as ‘The Met’, the force employees 35,000 police and civilian staff, and remains on high alert following a security breach involving the IT system of one of its suppliers.

The vendor in question has access to names, ranks, photos, vetting levels and pay numbers for officers and staff, but not personal information such as addresses, phone numbers and financial details, a Met spokesperson said.

The spokesperson was unable to say when the breach occurred or how many personnel could be affected.

Rick Prior, Vice Chair of the Metropolitan Police Federation, which represents staff, said: “Officers are out on the streets of London undertaking some of the most difficult and dangerous roles imaginable to catch criminals and keep the public safe.

“To have their personal details potentially leaked into the public domain will cause incredible concern and anger. This is a staggering security breach that should never have happened."

Staggering, but all too common.

Back door cyber attacks all too common

Another notable recent back-door incident was the MOVEit cyberattack, which saw a ransomware gang hack into multiple company networks and steal data. The vulnerability was first flagged by MOVEit on May 31. The company deployed a patch to fix the vulnerability on the same day.

MOVEit is a managed file transfer software service that encrypts files and uses secure File Transfer Protocols to transfer data. It also provides automation services, analytics and failover options.

Organisations to have suffered data breaches as a result of the hack include accounting firm PwC, professional services company Aon, the BBC, British Airways, Aer Lingus, Boots, Shell, Siemens Energy, Schneider Electric, UCLA, Sony, EY, PwC, Conizant and AbbVie.MOVEit was used by most of these companies to transfer payroll information, which means data taken by the Russian hackers has the potential to impact millions of people.

Supply chains provide a huge surface area for cyber criminals to target, because they often comprise thousands of vendors, many of which might be vulnerable to cyber attacks. 

As with The Met and MOVEIT, hackers often target such vendors as a means of gaining access into a larger company – the so-called back-door attack.

Suppliers often entry point for malware & ransomeware

Supply vendors are often the entry point for malware, ransomware or denial of service attacks, which then work their way upstream or downstream to the larger organisation itself.

In the event that a supplier or third party is subject to a cyberattack that means they are unable to deliver key products or services, this can become a big problem very quickly and may impact business continuity. 

Internally, the biggest cyber threats come from suppliers or other third parties who have access to an organisation's IT networks. 

Externally, the biggest threat is from third-party organisations who perform a critical business process or deliver a key product to the first party. 

Share

Featured Articles

Guinness and the Challenge of Balancing Supply and Demand

Guinness’ soaring popularity among younger drinkers and women has led to unprecedented demand, forcing pubs to navigate order limits ahead of Christmas

Tonkean & Beroe's bid to Transform Procurement Orchestration

Tonkean and Beroe's launch of Market Intelligence-Infused Orchestration for procurement processes looks set to revolutionise supply chain decision-making

UPDATED VENUE & DATE – PSC LIVE Chicago 2025

PSC LIVE Chicago announces important changes to its venue and date for the co-located event with Sustainability LIVE and Manufacturing LIVE in 2025

Returns Tuesday: The Ultimate Reverse Logistics Challenge

Logistics

Supply Chains at a Crossroads as Plastic Treaty Talks Stall

Sustainability

Cyber Monday: Sustainability in the Digital Shopping Boom

Sustainability