Just over 27 percent of UK police websites were found to enforce high security standards for secure connections, according to research by the non-profit Centre for Public Safety.
With over 71 websites audited, the findings revealed that 1 in 10 police websites have severe vulnerabilities in terms of implementing secure connections, including the National Crime Agency’s Child Exploitation and Online Protection Centre (CEOP) and six other territorial police forces.
“Public services are undergoing a digital transformation and much has been made of the need and potential for such transformation in UK policing. While 27 per cent of police forces and affiliated organisations achieved the best grades in our tests, the others should be considered a cause for concern,” reads the CPS report.
When considering IT budgets, the study suggests some of the most secure websites belong to counties with lower IT spending. While the Metropolitan Police spent £110m on an IT supplier in 2014 and 2015, it was awarded the C cyber security grade.
Some websites that were allegedly upgraded were also found to be more vulnerable than their previous version, sporting even less secure connections. This means attackers could easily perform man-in-the-middle attacks or downgrade the encryption to less secure standards.
“It’s 2016,” said Rory Geoghegan, founder of the Centre for Public Safety. “The internet is not new, the cyber security threat is not new, and yet some police forces and their IT providers seem to think it is acceptable to pay large sums of taxpayer money for insecure technology.”
Warning that these findings show critical information could easily be accessed by cybercriminals, the organization recommends that all police services should start upgrading their websites and security. Else, they risk being targeted by cybercriminals.