The COVID-19 pandemic has prompted a surge in cyber incidents – and now the UK Government appears to be ignoring a serious warning from the National Cyber Security Centre (NCSC).
Major departments within the government have purchased more than 700 Zoom video conferencing licences, despite official warnings. A total of 731 licences have been ordered since the outbreak began with the Ministry of Defence picking up 550, the Cabinet Office 150, the Home Office eight, the Treasury five and the Foreign and Commonwealth Office 15.
In a release it was explained that the National Cyber Centre advised Parliament that Zoom should only be used for public business with reports suggesting half a million Zoom accounts may be available on the dark web. Concerns have recently prompted Zoom to introduce a host of security updates to counter recent Zoom Bombings, in which third parties join calls to shout abuse or show offensive images.
“The COVID-19 crisis has seen millions of new users sign up to Zoom to host meetings and provide important updates to employees working remotely,” said Paul Farrington, chief technology officer of Veracode. “However, in recent weeks a series of security missteps and bugs have been discovered, which raise fresh questions about the cyber risks and privacy issues associated with online conference systems.
“With this in mind, it’s critical that key government departments are cautious if using the platform for sensitive meetings, around national security, and public health. With cyberattacks on the rise, it’s also crucial that users ensure they have downloaded the latest versions of these applications, to prevent hackers from gaining access and stealing data.”
In addition, the release highlighted the extent of the government’s investment in new devices – with 41,300 new laptops, tablet computers and mobile phones picked up across the departments.
“The tidal wave of new device purchases, including tens of thousands of laptops, tablets and mobiles is essential for ensuring that government departments can operate effectively during the Coronavirus lockdown,” said Andy Harcup, VP of Absolute Software. “However, the rush to implement new remote working models must be accompanied by a rigorous and robust approach to cyber security. Key to this is ensuring complete visibility into the device estate, so that IT chiefs can ensure every single user has that latest security updates, including checking that apps like Zoom are up to date and secure. It’s also critical to be able to wipe, track and freeze laptops which contain confidential data, in the event of theft or loss.”