Talking the TalkTalk – The TalkTalk Data-breach
The data breach at telecoms provider TalkTalk has brought into sharp focus the havoc a breach can create and the fallout brands experience as a result, especially if, as is the case with TalkTalk and parent company Carphone Warehouse, you are serial offenders.
At the time of writing, more than 10% has been wiped off the group's share price as a result of the TalkTalk data breach, representing some £360 million in value.
Tamite Secure IT believes the time has come for companies of all sizes to look at their individual risk and commit to spending on security commensurate with that risk. If you are in the telecoms industry with lists of customers that include banking details, you must realise you are high up on the cyber criminals' list of high-value victims.
Between them, Carphone Warehouse and TalkTalk have been victims three times this year, and in TalkTalk's case it really could be three strikes and you are out.
Dido’s Stuttering Performance on TalkTalk Data-breach
Dido Harding, TalkTalk's Chief Executive, is taking lots of flak, and rightly so, but the Chief Executive has either been incorrectly briefed or been incapable of accurately presenting the situation around the TalkTalk data breach. Maybe she thought nobody understands IT anyway, as some of her statements have been well off the mark. So, in case you are reading this, Dido:
For your information, the TalkTalk data breach was not the result of a DDoS attack. Data is not leaked as a result of DDoS attacks; in fact, almost the opposite happens: your servers are so overwhelmed by incoming requests that they are incapable of supplying the data they are supposed to, serving up “webpages”, let alone divulging the contents of the company database.
When you said sequential attack I think you probably meant SQL injection attack, the second most common database exploit on the net, and you really should have had that one covered.
The fact that a fifteen-year-old from Ireland has been detained as part of the investigation seems to add weight to the growing feeling that TalkTalk have not been as diligent as they should have been when it comes to protecting customer information.
The possibility that a fifteen-year-old could have orchestrated the DDoS attack and carried out the SQLi attack is not beyond the realms of probability. DDoS tools can be readily accessed and attacks need surprisingly few resources.
SQLi hardly qualifies as a zero-day threat and the information on how to go about it is out there.
Bearing in mind Dido Harding's recent pronouncements that TalkTalk are head and shoulders ahead of their competitors when it comes to cyber security, we can only fear for the rest of the industry.
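To show why SQL injection, unlike a DDoS, does divulge database contents, and what having it "covered" looks like, here is an added example that is not from the original post and does not represent TalkTalk's systems. The table, column names, sample rows and test input are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory customer table. Schema and rows are constructed samples."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (account TEXT, name TEXT, sort_code TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?)",
        [
            ("A100", "Alice Example", "00-00-01"),
            ("A200", "Bob Example", "00-00-02"),
            ("A300", "Carol Example", "00-00-03"),
        ],
    )
    return db


def lookup_concatenated(db, account):
    """Weak form: the input becomes part of the SQL text and can rewrite the WHERE clause."""
    sql = "SELECT name, sort_code FROM customers WHERE account = '" + account + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, account):
    """Hardened form: the SQL text is fixed and the input is bound purely as a value."""
    sql = "SELECT name, sort_code FROM customers WHERE account = ?"
    return db.execute(sql, (account,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed test input of the kind a web form field might receive.
    crafted = "x' OR '1'='1"
    print("concatenated, normal input  :", lookup_concatenated(db, "A100"))
    print("concatenated, crafted input :", lookup_concatenated(db, crafted))
    print("parameterized, crafted input:", lookup_parameterized(db, crafted))
```

With the concatenated query the crafted input returns every customer row; with the bound parameter it is treated as an account number that matches nothing.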
Reaction to the TalkTalk Data-Breach
Since the breach TalkTalk’s website has displayed a list of data that is thought to have been released.
On the plus side, TalkTalk put their hands up early and made statements to the effect that they knew they had been hacked but couldn’t be sure how much data had been exposed, which just demonstrated how little confidence they had that it wasn’t all of it.
Baroness Harding said she reported the security breach to BAE Systems and detectives from Scotland Yard’s cybercrime unit are also investigating the crime.
She told the Daily Telegraph: “Do I wish I had done more? Of course I do. But would that have made a difference? If I’m honest I don’t know.
“This is happening to a huge number of organisations all the time. The awful truth is that every company, every organisation in the UK needs to spend more money and put more focus on cyber security – it’s the crime of our era.”
The police are investigating ransom calls to TalkTalk last week seeking payment.
Baroness Harding warned that it would be “naïve” to think an attack like this would not take place in the future.
She told The Guardian: “It would be naive to say something like this will never happen again to any business.”
Some financial commentators have already made the point that TalkTalk are by no means in shape to weather this particular storm.
Performing as they do in a tough and competitive environment, TalkTalk have been making bold statements about taking costs out of the business and setting tough financial targets for the coming year. Indeed, some of these were based on reducing customer churn; they must now have a hollow ring when put against the cost of rescuing a reputation that had already been damaged by shortcomings in customer service recently highlighted by the telecoms regulator.
Neither Talking the TalkTalk nor Walking the WalkWalk.
Ironically, Baroness Harding, who was elevated to the peerage last year, announced, possibly rashly, that rather than seeing the position as a cushy extra she is determined to make her time on the red benches count, telling the press that she is in a race to make the internet safer for children and families.
Her shaky grasp of the state of IT in her own company would appear to make her ideal material for her other governmental post, UK Business Ambassador for the Technology and Communications Sector.
She has certainly done her bit when it comes to showcasing the state of IT Security in many British companies.
Yesterday TalkTalk came out with a statement to the effect it could have been worse. I think your customers and shareholders might have the final say on that one.
The damage done to the TalkTalk brand has been immense; it may even have been damaged fatally.
What the Data Commissioner will make of all this is yet to be seen, but don’t be surprised if they are inclined to be punitive, wanting to make an example of such a high-profile breach.
Also, don’t be surprised if the TalkTalk brand is consigned to history, as The Carphone Warehouse may seek to dispose of a fatally damaged brand in a fire sale as soon as the dust has settled.