When we last discussed cyber security, the point regarding high-profile
companies being hacked was a relevant one, and now, with the latest incident
regarding TalkTalk, it has just been hammered home once more. This short article
discusses what happened and what we can all learn from it.
Short version of what actually happened
TalkTalk do not know how many of their 4 million customers
have been affected by the data breach, but what we do know is that the
cyber-attack, which took place on Wednesday, 21st of October,
affected people’s names, addresses, bank account numbers and sort codes. As
TalkTalk put it on their website, these details ‘may have been accessed’. TalkTalk
were hacked, the hackers attempted to blackmail them, and TalkTalk refused to
pay and reported the breach.
What can we learn from it?
If there is only one thing to learn from it, it’s that system
data must be encrypted. Most systems have debit/credit card details encrypted,
but the possibilities for taking advantage of other customer data these days are
enormous. There is a thriving black market for stolen data, and you don’t even
have to go to the Darknet to get it; it’s readily available online.
The other thing to take away from the TalkTalk incident is to
have a proper post-breach response plan. This should include quick distribution
of accurate information to the relevant parties (customers and authorities),
both to allow the proper assistance if required and to lessen the impact on
your customers and begin the process of rebuilding their trust in your
organisation.
George Toursoulopoulos is a technology specialist and CEO of Synetec, one
of the UK’s leading providers of bespoke software solutions.