Government splashes out on 700 Zoom accounts despite warnings from security chiefs

Major UK departments buy-up licences for Zoom web conference systems despite official warnings from National Cyber Security Centre (NCSC) about security risks

by Patrick Sullivan, Political Editor on 20 May 2020 10:59

Paul_farrington_veracode

Major government departments have bought over 700 Zoom video conferencing licences during the Covid-19 outbreak, despite official warnings from security chiefs at the National Cyber Security Centre (NCSC) about the risks of hacking and data privacy.

Official figures obtained under Freedom of Information (FOI) legislation by the Parliament Street think tank, show a total of 731 Zoom licences have been ordered since the outbreak began.

The data shows that the Ministry of Defence (MoD) purchased 550 Zoom accounts, the Cabinet Office 150, the Foreign and Commonwealth Office (FCO) 15 and Treasury 5 and Home Office bought 8. Recently Parliament was advised by the National Cyber Security Centre, part of intelligence agency GCHQ, that Zoom should only be used for public business.

Meanwhile reports suggested half a million Zoom accounts are available on the dark web.

The concerns forced Zoom to release emergency security updates, including encryption and privacy amendments due to “Zoom Bombings” whereby third parties join meetings, shouting abuse and sharing offensive images. Additional data around government preparations for Covid-19 show that these six key departments have also investment heavily in new devices to enable staff to work from home.

The departments purchased at total 41,300 new laptops, tablet computers, and mobile phones to help staff operate remotely. In total, these government departments invested in 27,589 new laptops since the start of the Covid-19 outbreak, 4,011 tablet computers and 9,700 mobile phones, to deal with new safety guidelines for work, such as remote and home-working.

The department which invested the most heavily in new devices was the Ministry of Defence, which purchased 13,500 new laptops, 3,263 new tablets and 2,200 new mobile phones – a total device count of 18,963.

The MoD also invested in a whopping 9,467 new Microsoft Office 365 accounts, and 550 Zoom accounts to enable staff to continue working offsite. The Ministry of Justice purchased 12,136 new devices in total, 5,888 of which were mobile phones, 6,000 were laptops and 248 were tablet computers. The third highest investor in new tech, was the Home Office, who purchased 9,085 new devices: 7,500 new laptops, 1,085 new phones and 500 tablets.

HM Treasury purchased just 898 new devices – split evenly between phones and laptops – and the Cabinet Office purchased 59 MacBook Airs, 91 Elitebooks and 68 iPhone 6s, for a total of 218 new devices. The Department for Transport and the FCO both revealed that they hadn’t purchased any new devices since January 2020 in response to the Coronavirus outbreak.

Security chief Paul Farrington, EMEA, Chief Technology Officer, Veracode told The Commentator: “The Covid-19 crisis has seen millions of new users sign up to Zoom to host meetings and provide important updates to employees working remotely. However, in recent weeks a series of security missteps and bugs have been discovered, which raise fresh questions about the cyber risks and privacy issues associated with online conference systems.

Farrington continued, "With this in mind, it’s critical that key government departments are cautious if using the platform for sensitive meetings, around national security, and public health. With cyber attacks on the rise, it’s also crucial that users ensure they have downloaded the latest versions of these applications, to prevent hackers from gaining access and stealing data.”

Andy Harcup, VP, Absolute Software added, “The tidal wave of new device purchases, including tens of thousands of laptops, tablets and mobiles is essential for ensuring that government departments can operate effectively during the Coronavirus lockdown. However, the rush to implement new remote working models must be accompanied by a rigorous and robust approach to cyber security.

Harcup continued, "Key to this is ensuring complete visibility into the device estate, so that IT chiefs can ensure every single user has that latest security updates, including checking that apps like Zoom are up to date and secure. It’s also critical to be able to wipe, track and freeze laptops which contain confidential data, in the event of theft or loss.”

Chris Ross, SVP at Barracuda Networks said, "With millions of people working from home, video conference systems have become an essential element of everyday life." He added that it was 'vital' that all departments had the nessasary security systems in place to protect against phishing attacks, malicious emails and data breaches. 

Comments
blog comments powered by Disqus