With the coming to light of the basic mistake made by the UK Ministry of Defence (MoD) in including hundreds of email addresses of Afghan interpreters, some of which were still in hiding, within an outbound email, the UK has majorly failed to protect personally identifiable information (PII) to a consequentially devastating level.
A second MoD data breach shortly following was also including Afghan interpreter email addresses which have compounded the mistake even further.
Both of these incidents have done far more than making the MoD look foolish and ill-equipped, the ramifications are putting the lives of the individuals contained within the breach and their families in considerable danger.
Information security, as a discipline, focuses on the protection of the confidentiality, integrity and availability of sensitive information. As a subset of information security, cybersecurity has the main focus of protecting each in the digital realm.
Personally Identifiable Information (PII) classes individual’s email addresses (both business and personal) under their category, as is deemed as confidential material by regulation for most businesses. This breach within the MoD had unveiled not just email addresses, but also photographs of certain individuals who are victims of the breach.
With this level of a data breach within a Defence body, many have pointed a finger at the UK MoD as a stark reminder of cybersecurity not just being about the protection of computer systems and data. Cybersecurity should be viewed as a protector of people first and foremost.
The seriousness of not protecting the PII of Afghan interpreters is viewed to serve more severe complications beyond that of a compliance violation. With the potential of this information now reaching the wrong hands or being sold on the dark web, the very real potential of the threat on life for those 250 email recipients comes as a price tag for malicious actors to benefit from its content and worth with no concern for human life.
Call for Swift Change
Boards and experts are now highlighting this severe incident as a sounding board for data privacy to be moved from a best practice for organizations to one of standard practice.
With a motion to make people within organizations realise the importance of training and education in understanding not only what to do in regards to data privacy, but also why it must be done, technology must be enabled to identify potential mistakes and prevent them from turning into the worst-case scenario.
For more information on IT Security events 2021/ IT Security events 2022, enterprise technology events, big data analytics and any upcoming identity management event, check out the events from Whitehall Media today.