Do you need to TalkTalk about cyber security?
Another week, another high profile example of cyber crime, this time at telecoms company TalkTalk who have had what Police describe as a “significant and sustained” cyber-attack.
TalkTalk has 4 million customers in the UK, all of whom must be concerned about the safety of their personal data. The company has said that potentially all customers could be affected but it was too early to know what data had been stolen.
The TalkTalk attack is a prime example of why organisations that hold large amounts of customer data are so attractive to attackers. The list of customer data that may have been compromised is listed on the TalkTalk website – it makes for scary reading.
The company says there is a ‘chance’ that some of the following could have been accessed:
- Dates of birth
- Email addresses
- Telephone numbers
- TalkTalk account information
- Credit card details and/or bank details
TalkTalk’s Chief Executive, Dido Harding summed up the concern from a customer perspective “the biggest risk is that customers’ details have been stolen and criminals try to impersonate them.”
Along with the adverse publicity (search Twitter for #TalkTalk), the attack could clearly cause potential long-term damage to the TalkTalk brand.
If this attack isn’t bad enough, it appears to be the third one to target TalkTalk over the past 12 months. An earlier data breach in February was an example of ‘insider threat’ attributed to a third party contractor who had legitimate access to customer accounts. In August, the company revealed its mobile sales site had been targeted and personal data breached.
“For TalkTalk, the cost to its reputation is likely to be very serious. Now it is going to have to reassure its customers that its security practices are robust enough to regain their trust.”
The BBC’s technology correspondent, Rory Cellan-Jones
Speaking to BBC News, Dido Harding said: “Unfortunately cybercrime is the crime of our generation. Can our defences be stronger? Absolutely. Can every company’s defences be stronger?”
Ascentor shares this view. Cybercrime has the potential to derail businesses, cause customers undue stress and undermine trust on a huge and costly scale. As the TalkTalk attack demonstrates once again, customer information is a valuable business asset – as is the goodwill and trust of the customers themselves. We believe that any organisation that wants to be competitive, profitable and trusted today must protect its valuable information from a compromise, such as theft.
It is too soon to put a figure on the long term cost of this attack to TalkTalk, but we do have recent data on ‘average’ costs of cybercrime in the UK – and they are growing, rapidly.
A report in the Daily Telegraph in June put the ‘starting costs’ for a major security breach at large organisations at an average £1.46m – up from £600,000 last year. The report said that smaller firms were no less immune to the financial drain caused by cyber-attack. The minimum they could expect to pay last year for the most extreme breaches soared to £310,000 from £115,000 in 2014.
So, if you want to gain a better understanding of the latest cyber security and information risk issues, you’ll find our blog a good place to start.
We regularly write about cyber security topics that affect commercial and public sector organisations – we comment on topical and high profile news stories like the Sony cyber-attack as well as discuss and offer our insight on some of the technical ‘need to know’ issues surrounding the implementation of information risk regulations.
Here are just a few cyber security related articles from Ascentor:
For further information:
If you’d like to ‘TalkTalk’ about any aspect of cyber security, please contact Dave Jamesat Ascentor.
Office: 01452 881712
For Further Information
If you have any questions about the topics we've covered, or would like to have a chat about any aspect of your own cyber security strategy, please get in touch with the team at Ascentor.
Please use the contact details below - also found on our Contact Us page.