The Royal Household is looking for a cyber security engineer to monitor networks and systems and protect the Royal Household’s digital systems from hacking attacks. The salary on offer is in the range of £50,000 to £60,000 per annum.
The Royal Household’s online security concerns are understandable, for modern hackers stop at nothing when it comes to targeting key institutions of sovereign nations, be it legislators, ministries, government agencies, the judiciary, defence forces, local councils, and even central banks.
The alarming rise in the number and scale of ransomware attacks in recent times, coupled with hackers using every phishing trick in the book to target individuals and organisations and infiltrate critical systems and networks, has made it abundantly clear that no one is safe from existing and emerging cyber security threats. Hackers demanding a ransom from the Queen is a prospect no one would want to deal with.
Which is why the Privy Purse and Treasurer’s Office has advertised an opening for a Cyber Security Engineer who will join the Royal Household’s cyber security team and play a vital role in delivering a “Cyber Security and Resilience Strategy.” The engineer will be expected to work 37.5 hours per week and will be paid a salary of £50,000 – £60,000 per annum, based on experience.
“You’ll monitor our network and systems, identify potential security threats and lead on response activities. Carrying out technical investigations, you’ll identify potential risks and impacts, and ensure controls are in place across our hardware and software to keep us cyber secure and resilient.
“You’ll regularly review and evaluate our cyber security and response activities and working in close collaboration with the IT and Information Assurance teams, you’ll look to maintain our policies, standards and best practice,” the advertisement reads.
“Reporting to the Chief Information Security Officer, you’ll work together to create a culture of continuous security improvement. You’ll provide expertise and insight on controls and procedures to minimise cyber incidents and strengthen resilience. And you’ll be relied upon to identify future projects and technologies that will develop our strategy further.
“You’ll also be involved in creating and delivering cyber awareness training to employees across the organisation, keeping everyone up-to-date on important security standards. The range of work will expand your knowledge further, and knowing your work is integral to the security of the organisation will continue to drive you.”
Even though the job may not seem to be as complex as being part of an IT security team at an enterprise-scale organisation, the Royal Household is an institution in its own right, employing approximately 1,200 staff across departments such as catering, housekeeping, accountancy, secretarial, media relations, human resources, art curatorship and strategic planning.
The Royal Household also has computer systems at varied locations across the UK, including Buckingham Palace, Windsor Castle, Hillsborough Castle, Sandringham House, Balmoral Castle, Highgrove House, Clarence House, Kensington Palace, St James’s Palace, and the Royal Lodge in Windsor.
While the appointment of a Cyber Security Engineer will certainly shore up the Royal Household’s cyber defences in the coming days, what remains to be seen is whether the in-house cyber security team is training approximately 1,200 staff on cyber hygiene and detecting phishing emails, and using the latest anti-phishing email filters to block malicious threats.
However, these steps may not be enough to protect the personal data of the Royal Family from getting into the hands of opportunistic hackers. For instance, a cyber attack targeting the London Bridge Plastic Surgery clinic in 2017 enabled the Dark Overlord hacker group to access pictures and plastic surgery details of various celebrities, including members of the Royal Family.
Such data leaks through third-party breaches can only be avoided through stringent data protection legislation that holds data controllers and businesses legally accountable for the security of the personal data of customers. While the new Data Protection Act, modeled on the GDPR, has introduced such controls, many organisations continue to suffer such breaches.
According to Trevor J. Morgan, product manager at comforte AG, when data is on the move, it is especially prone to mishandling and potential compromise, which means that a more data-centric approach to security should be part of those minimum data security standards.
“Data-centric security such as tokenization and format-preserving encryption replaces sensitive data with benign representational information, so even if it falls into the wrong hands the data cannot be compromised by the wrong parties. For more and more regulatory agencies and individual enterprises, data-centric security measures are now part of minimum data security standards because of the ability to protect data even while in motion,” he adds.