The cyberattack on the Electoral Commission should “serve as a wake-up call to executives”, the boss of a cybersecurity firm has warned.
Suid Adeyanju, chief executive of British cybersecurity company Riversafe, said an underestimation of the threat of cyberattacks meant executives were “sleepwalking into a cyber catastrophe”.
His comments came after the Electoral Commission revealed on Tuesday it had been struck by a “complex cyberattack” in August 2021.
The breach, which went undetected for 14 months, gave “hostile actors” access to voters’ personal data including home addresses, images, email addresses, names and telephone numbers.
Shaun McNally, chief executive of the Electoral Commission, said the cyber attack is unlikely to influence electoral outcomes, because “the UK’s democratic process is significantly dispersed and key aspects of it remain based on paper documentation and counting.”
But he added that organisations involved in elections should “remain vigilant”.
John Hultquist, chief analyst at software firm Mandiant, parented by Google said intrusions into election networks are “not tantamount to manipulation of the vote”.
“We should be careful not to ascribe too much meaning to these incidents, which could serve the adversary’s interest,” he added, citing Iran’s fake hack of US election systems in 2020 to suggest they manipulated the vote when, in reality, they did not.
However, Ian McShane, VP of strategy at cybersecurity company Arctic Wolf said: “Despite claims from the commission this attack had no impact on the security of UK elections, it still could be used to undermine trust in future votes.”
The Information Commissioner’s Office has launched an urgent probe into the attack.