The topic concerning many is the latest cyber-attack on telecommunications group TalkTalk which has not just affected the business but has put its 4 million customers at risk
The past year has seen some atrocious cyber-attacks with the likes of Sony, Carphone Warehouse, Ashley Madison and most recently TalkTalk being targeted. It has opened our eyes to the reality that is cyber-crime and the fact that turning a blind eye will not make it disappear. It was only last week that the Office for National Statistics published a report stating that crime is decreasing but cyber-crime is on the increase. What is especially worrying is the fact that these statistics are based upon those reported cyber-attacks. However, with smaller businesses more vulnerable to losing their reputation if they report such crimes it is unclear just how many cyber-attacks have actually occurred this year. The Information Security Breaches Survey 2015 conducted by PwC state figures for large organisation breaches are around a shocking 90% and small business breaches are 74%. But with larger organisations such as those aforementioned stealing the spotlight it is easy for small companies to mistakenly believe they are too small to be hacked. Hopefully, with cyber-crime being talked about more and more, people from all sized businesses will realise just how fundamental cyber-security is.
The topic concerning many is the latest cyber-attack on telecommunications group TalkTalk which has not just affected the business but has put its 4 million customers at risk. The Chief Executive, Dido Harding has admitted the company could have done more in terms of protection but with this being TalkTalk’s third cyber-attack of the year you would have thought she would have realised this sooner. When asked if the stolen data was encrypted Harding replied saying she did not know. However, this is something she should have not only known but ensured. If data is encrypted it adds an extra level of security so if it does happen to be stolen it will not be able to be used. Worried and angry customers have commented that “this is happening too often” and are cancelling their contracts meaning an extra headache for TalkTalk in lost customers and a diminished reputation.
So how did this cyber-attack happen? Initially, the company reported a DDoS (distributed denial of service attack) where a website is bombarded with waves of traffic. However, this did not explain why there was a loss of data. TalkTalk then declared there had also been an SQL injection. This occurs by hackers gaining access to a database through entering instructions in a web form. What is most shocking is that this is not a sophisticated form of attack and can be prevented with quite simple security measures and many security analysts were shocked that any large company could still be vulnerable to a SQL injection.
Though TalkTalk have stated that the attack was ‘smaller than initially thought’ as, for example, credit card numbers had not been available to hackers, we do not know how much of the data was encrypted so it is unclear how many customers are at risk. Despite the attack being ‘small’ still means that TalkTalk will face lengthy measures in rebuilding its brand, trust from its customers and employees and ensuring that prevention strategies are in place to avoid having a fourth attack.
So if your business, no matter how big or small, houses confidential data you need to think about whether you have cyber –security measures in place to avoid falling victim to cyber-crime. If you would like to know more or how we can help you please do not hesitate to contact us.