From Shakespeare to the House of Commons Committee of Public Accounts, those in power have often had issues with breaches, data or otherwise.
Now, I don’t want to sound a bit too cultured here, as this blog is all about cyber security, but I’m going to talk a little bit about Shakespeare.
Now please don’t be put off, but my very limited knowledge of Shakespeare was roused when I stumbled across a report from the House of Commons Committee of Public Accounts. OK, that’s a strange link, I’ll admit, but stay with me on this. The report in question is titled ‘Thirty-eighth Report of Session 2016–17: Protecting information across government’ and was published by HM Government on 3rd February 2017. It contained some quite startling statistics that don’t really seem to have been reported on in the IT and cyber security press.
Enjoy this quote from the report:
“In 2014–15, the 17 largest departments recorded a total of 14 data incidents that they considered reportable to the Information Commissioner’s Office, and recorded 8,981 non-reportable incidents. Of the 8,981, Her Majesty’s Revenue and Customs recorded 6,038 (67%) and the Ministry of Justice 2,798 (31%). Another 15 departments recorded only 145 between them, fewer than 2% of the total. Several departments recorded no non-reportable incidents at all, including the Department for Work and Pensions, a large department with a comparable level of online activity to HMRC. We are aware that numerous low-level breaches do occur, such as letters containing personal details being addressed to the wrong person; however these are not consistently recorded as data breaches”
That’s right, HM Customs and Revenues recorded over 6,000 data breaches and the Ministry of Justice just short of 3,000 data breaches in the period of 2014-15. Of these breaches, only 14 were ‘considered’ reportable to the ICO. The way they describe the low-level breaches appears almost dismissive, but they really should be aware that with the forthcoming GDPR those ‘low level’ breaches are ‘breaches’!
So, what about Shakespeare? In his play, Henry V, the King himself utters the words ‘Once more unto the breach, dear friends, once more’ as part of an incredibly famous monologue, where the English army were taking on the French at the city of Harfleur. The breach in question is the gap in the wall of the city of Harfleur, which the English army held under siege.
Bring the two together and what we have are huge holes in the data security of major government departments, but no rallying cry from the government’s leaders to close them up. We could really do with one if the Government is to take a leadership role on cyber security measures and GDPR compliance.
We have, of course, a prime opportunity for the current and future potential Governments to make such a rallying cry, as we are in the last week of a General Election campaign. But apart from a few almost throwaway comments about ‘tightening up cyber security’, there has not been any commitment to get government departments of all sizes to comply with the government’s own Cyber Essentials scheme, nor assurances that they will also fully comply with GDPR, which comes into force less than a year from now.
I’m aware that cyber security may not have the voter-friendly or headline-grabbing appeal of topics such as social care, NHS funding and investment in schools. But the securing of all citizens’ identities and associated data affects each and every one of us: from our tax records to our passport details, our NHS records and much more, all of which are subject to theft, loss or illegal manipulation if any data breach occurs.
If the government did make such a pledge, then it would send a strong signal out to the business community to follow its lead and for them to adopt Cyber Essentials and comply with GDPR.
Just returning to Shakespeare for a moment: in the rallying speech made by Henry, he was encouraging his troops to attack the city again, even if they must ‘close the wall with English dead’, in essence saying that we must close these breaches down regardless of the (human) cost. Now, I’m not suggesting that the Government or businesses should push hard-working IT and cyber professionals to a point of destruction to plug breaches, but there is no doubt that, as the attacks continue and breaches remain prevalent, more work needs to be done to get us to a point of genuine cyber security.