ICO website under siege from 40 online threats a day

The Information Commissioner’s Office website – the only official resource for tens of thousands of companies looking for advice on all areas of data protection, including how to comply with GDPR – is under sustained attack from online criminals.
According to a Freedom of Information request made by Decision Marketing, the site has been hit by 7,300 potential threats in the first six months of this year, equivalent to 40 every day.
However, despite this onslaught, the ICO’s cyber defences are holding firm; so far, not a single attack has managed to breach its firewall.
The FoI request does detail a number of periods of downtime between January and June this year, which the ICO claims were due a migration of the website to a new platform, while it was also offline for periods when its service provider made some changes to improve performance and stability. In total, however, the site has been down for just over 12 hours in the past 6 months.
British Airways and Marriott International – which are facing record GDPR fines totalling over £282m for allowing hackers to access the personal data of millions of customers – might be wishing they had had such a robust system.
Even so, the full scale of the online security challenge UK businesses face was exposed recently when it was revealed that British firms are facing one cyber-attack every 50 seconds.
According to an analysis from managed services specialist Beaming, UK firms faced an average of 146,491 attempted cyber-attacks in the second quarter of 2019 – a 179% increase over the same period last year; the highest level since Beaming started monitoring attacks in 2016.
However, the ICO has not always managed to thwart the criminals. In February last year the regulator was among thousands of organisations which had their websites hacked in a bid to force visitors’ computers to run malicious software that mines a cryptocurrency similar to Bitcoin.
And back in 2012, the site suffered a major attack – unleashed by a group claimed to be linked to the Anonymous collective – amid claims the regulator was not doing enough to protect consumer data. On that occasion, the site was down for three days.