The latest news and opinion regarding the TalkTalk hacking.
Talk Talk. Where do we start? Well, the first thing to note is that the media asking whether the data was encrypted is a bit irrelevant. Because if the hackers have gained access, then they’ve presumably gained encryption keys. Encryption of data is usually in place to protect sensitive data being sent or stored on an untrusted medium such as over the Internet or on a laptop that could be lost or stolen.
It’s unrealistic to expect all data to be encrypted even on a trusted network – it would make day to day use difficult. The questions that should be being asked are, when was a security audit and penetration test last carried out; what were the results of these and were recommended actions all implemented in a timely manner; are NGFWs in place between trusted and untrusted networks; are anti-malware measures in place?
Whilst we, as individuals all now know that cybercrime is on the rise (you’d have to be living in a cave to not know this right?) and so a lot of us are taking steps in a personal lives to ensure we’re not the victim of cybercrime. But are businesses taking heed in the same way? The short answer is probably not.
Today it was announced that a 15-year-old boy, from County Antrim in Northern Ireland, has been arrested and has now been released on bail. So is he the criminal mastermind attempting to bring down big corporations? Of course not, but it does highlight the fact that the barrier to entry for such criminal activity is lower than it’s ever been with criminal organisations ‘recruiting’ (and we use this term in it’s loosest sense) individuals to distribute and conduct their illicit activities.
What is most worrying is the type of attack it was. It hasn’t taken a criminal mastermind to successfully attack this company. Both methods of attack, DDoS and SQL injections, are unsophisticated and could have been prevented by having basic cyber-security prevention strategies in place.
So what is the minimum you need to do to protect your business? Equilibrium Security provides businesses with cyber-security solutions so have a chat to see how cyber-risks to your business can be mitigated.Insert one or two sentences here that will entice the reader into reading the rest of the article.
Write the rest of the article from this sentence on. It can be as on as you like but try and consider the reader and how much they will feasibly read.
