Tuesday 27 October 2015

Cyber Security & Learning from TalkTalk


When we last discussed cyber security, the point about high-profile companies being hacked was a relevant one, and the latest incident at TalkTalk has hammered it home once more. This short article discusses what happened and what we can all learn from it.

 

Short version of what actually happened

TalkTalk do not know how many of their 4 million customers have been affected by the data breach, but what we do know is that the cyber-attack, which took place on Wednesday, 21st of October, affected people’s names, addresses, bank account numbers and sort codes. As TalkTalk put it on their website, these details ‘may have been accessed’. TalkTalk were hacked, the hackers attempted to blackmail them, and TalkTalk refused to pay and reported the breach.

What can we learn from it?

If there is only one thing to learn from it, it’s that system data must be encrypted. Most systems encrypt debit/credit card details, but the opportunities to take advantage of other customer data these days are enormous. There is a thriving black market for stolen data, and you don’t even have to go to the Darknet to get it; it’s readily available online.

The other thing to take away from the TalkTalk incident is to have a proper post-breach response plan. This should include quick distribution of accurate information to the relevant parties (customers and authorities), both to allow proper assistance if required and to lessen the impact on your customers and begin the process of rebuilding their trust in your organisation.



George Toursoulopoulos is a technology specialist and CEO of Synetec, one of the UK’s leading providers of bespoke software solutions.