ICO’s online security ‘safe as houses’

ICO's online security 'safe as houses'The Information Commissioner’s Office may come down hard on even the most menial data misdemeanor but there is no doubting its own online security after it revealed its website has never once been compromised in the past five years.
The organisation revealed its “safe as houses” record following a Freedom of Information request by DecisionMarketing, which showed only two occasions where hackers nearly got through the ICO’s ring of steel.
The first was between 23 April 2012 and 21 May 2012, when the availability of the website was affected; the second was between 11 and 12 February 2014.
However the ICO confirmed: “Neither occasion resulted in unauthorised access or the compromise of any data.”
The move comes as the ICO this week has published a security report detailing eight of the most common IT security vulnerabilities, drawn from the regulator’s investigations into data breaches.
Many of these incidents have led to serious security breaches resulting in the ICO issuing monetary penalties totalling almost a million pounds to date.
They include the £200,000 penalty issued to the British Pregnancy Advice Service, after user details were stored insecurely on the charity’s website and compromised. The ICO also issued a £250,000 penalty to Sony Computer Entertainment Europe after the company failed to keep its software up to date, leading to the details of millions of customers being compromised.
The top eight security vulnerabilities covered in the ICO’s report:

  1. Failure to keep software security up to date
  2. Lack of protection from SQL injection
  3. Use of unnecessary services
  4. Poor decommissioning of old software and services
  5. Insecure storage of passwords
  6. Failure to encrypt online communications
  7. Poorly designed networks processing data in inappropriate areas
  8. Continued use of default credentials including passwords

ICO group manager for technology Simon Rice said: “In just the past couple of months we have already seen widespread concern over the expiry of support for Microsoft XP and the uncovering of the security flaw known as Heartbleed
“While these security issues may seem complex, it is important that organisations of all sizes have a basic understanding of these types of threats and know what action they need to take to make sure their computer systems are keeping customers’ information secure.”

Related stories
Abortion charity hit by £200,000 fine
Cyber gang banged up for 30 years
Gang held in Santander hack scam
Only 2% of cops can fight e-crime
Cops ‘don’t care about cyber-crime’
Staffer held over Morrisons breach
Hackers ‘get ugly’ with mega attack
ICO issues funding ‘cry for help’
ICO faces £43m funding black hole
ICO gets nearly 4,500 calls a week
Are data enforcers up to the job?
UK data breach fines top £2.5m
ICO defends ‘paltry’ £250k Sony fine
Adobe data attack ‘may hit billions’
Top US stars hit by D&B breach
Foxtons hit by online hack attack
Hacking staff could wind up firm
58m rocked by Ubisoft hack attack

1 Comment on "ICO’s online security ‘safe as houses’"

  1. Data regulator reveals online ‘ring of steel’ for its own website in DecisionMarketing FoI request http://t.co/ykff4aZFFI #dataprotection

Comments are closed.