Author Gary Hibberd
Another day… another data breach. If you’re a customer of Carphone Warehouse, you may already be aware that 2.4 million records were stolen following a cyberattack. Of these, some 90,000 may have had encrypted credit card details accessed. Quite alarming, isn’t it?
Of course it’s a concern, and it has left many asking how this could happen, why it took so long to discover the attack, and why customers mostly got to hear about it through social media. Like many security practitioners, I’ll be watching closely to find out what went wrong, in order to understand how I (and my clients) can make sure we’re not the next victim. So far, the only thing it has raised for me is a wry smile at the description of this as a ‘sophisticated cyberattack’. What else can they say? They can hardly say “It was a really easy attack.” But this is a serious matter and I take it as seriously as the next practitioner… so how seriously are those 2.4 million and 90,000 customers taking it? Are they now monitoring their bank accounts more closely? Changing the passwords they’ve had for years? No? And what about other businesses in similar industries? Is this a wake-up call?
Be honest – how good are YOU with security? If you run a business, I’d like to hear about your security capabilities. How do you train your staff? What technical controls are in place? How are records destroyed when they are no longer needed? What about your crisis management plans? Are they all documented and up to date? What has the latest (of many) security breaches already taught you? Are you now reviewing your security processes so that you’re not the next victim? Yes? No? People in glass houses really shouldn’t throw stones.
Before we cast stones in the direction of Carphone Warehouse and others like them, I would urge each of us to look at ourselves and ask some hard questions of our own security capabilities. I warrant most of us would find ourselves coming up short.
Now, if your answer is “We’re ISO27001 certified”, I would still ask how engaged you are with the standard. Being ISO27001 certified and being security pro-active can be a gulf apart, and the larger the organisation, the more pronounced this gap tends to be. Too often ISO27001 (the information security management standard) is seen as the remit of the IT director or the compliance team, with the Board having only the vaguest understanding of what it is for and why it matters.
There are no silver bullets in information security. There is no “100% secure”. All you can do is take reasonable, documented steps to protect the confidentiality, integrity and availability of the information entrusted to you. How you do this will differ from the company or person next to you. But don’t go throwing rocks, or condemnation on Twitter, at those who have suffered a breach. You could be next – and then you’ll be the one dodging rocks. Good luck!
Agenci Information Security helps protect businesses from cyber threats, cyber-attacks, internal threats and business outages. Agenci Information Security works to keep clients’ systems secure and provides peace of mind through a range of proven, specialist information security solutions.