Author Gary Hibberd
This week (Tuesday 20th October) Agenci proudly hosted a cyber security conference which was attended by over 150 delegates. At the conference, speakers emphasised the importance of having good cyber security in place. During the breaks I emphasised the importance of connecting with people in the room; my words were somewhat prophetic.
“It’s good to talk. So talk about Cyber”
On Wednesday 21st October “TalkTalk” disclosed that they had suffered a major security breach which the police are now investigating. The police have said that the “significant and sustained cyberattack” may have exposed over four million UK customers’ banking and personal details.
This information includes names and addresses, email addresses, dates of birth, TalkTalk account information and, of course, credit and debit card details.
The attack was carried out against the website of the telecoms company and investigations are continuing. This is worrying for a number of reasons.
It has been reported that this occurred on Wednesday this week and customers have already been informed. This is good news. Good to see a company taking the initiative and informing its customers, in the hope that the customer will take appropriate actions to protect themselves.
The fact that TalkTalk have taken the initiative to inform customers is a good thing (of course) but this does indicate that the breach is a significant event as this kind of communication is not the norm (call me a cynic but the impact on reputation is ALWAYS a consideration in these kinds of events).
The attack on the website was carried out using a DDoS attack. Normally at this point I would explain what a DDoS is, but not today.
DDoS attacks are so common that if you run a website, or use a company that has a website (which I think most of us do), I would encourage you to find out what a DDoS is for yourselves.
Although all the facts are yet to be revealed, my concern is that DDoS attacks can be protected against – they are so prevalent that there is a vast array of tools and services that help businesses protect themselves. DDoS is commonly used to create ‘noise’ whilst an attack is taking place elsewhere. The key word here is ‘commonly’. It’s a known technique. It’s a known ‘attack vector’ (to give it its security term) and therefore the TalkTalk team should have considered this and had measures to protect against it.
Conclusion: It’s STILL Good to Talk(Talk) about Cyber
I’m encouraged by the fact that TalkTalk have informed their customers. Finally a company has put its hand up and admitted they’ve had a breach. It may appear that my blog is a criticism of TalkTalk’s security team, but it is not. In fact what I’m saying is that there needs to be an increased investment in protection against such common attacks.
Boardrooms and the ‘c-suite’ need to invest time in understanding information/cyber security. Monetary investment isn’t enough. They need to Talk(talk) to their security teams.
Agenci Information Security is responsible for protecting businesses from cyber threats, cyber-attack, internal threats and business outages. Agenci Information Security ensures clients’ systems are secure and provides peace of mind through a range of proven specialist information security solutions.