TalkTalk data breach

The TalkTalk data breach, a record £400k fine and a warning to others

The TalkTalk Data Breach

On the 21st October 2015, TalkTalk became aware of a major security breach. Over the following days and weeks, the severity and magnitude of that breach filled the headlines of British and international newspapers. More than 150,000 users saw their personal information leaked. Of those, more than 15,000 users saw their bank account details compromised.

“failed to apply software patches to a database, fixing a known exposure that had been identified more than 3.5 years prior to the breach.”

The next day, TalkTalk informed the Information Commissioner’s Office of the data breach. The TalkTalk data breach has cost about £60m and contributed to the loss of over 100,000 customers. The police are still questioning 6 individuals (all under 21 years of age) in relation to the crime.

The ICO Investigation into the TalkTalk data breach

Now TalkTalk is back in the headlines as the ICO issues a record-breaking fine of £400,000, due to security failings that allowed a cyber attacker to access customer data “with ease”. The ICO investigation found that the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information. Worryingly, TalkTalk failed to apply software patches that would have fixed a known exposure identified more than 3.5 years prior to the breach. The report highlights that there were two additional attacks 12 weeks before the October breach which had not been detected.

Yahoo Data breach

Lessons from the Yahoo data breach

Once again the headlines are dominated by news of another major breach; unsurprisingly, it’s the Yahoo data breach that has come to light.

What happened at Yahoo?

It’s a massive data breach, making TalkTalk, LinkedIn and Ashley Madison look tiny – 500 million records have been breached in what is being reported as a ‘state-sponsored’ hack with rumours of involvement from China, Korea or Russia. The breach occurred at some point in 2014 and impacts not just users of Yahoo, but potentially Sky and BT users as well.

Yahoo Data breach raises so many questions 

It is clear that this story will continue to run for many weeks and months. It raises so many questions: How much did Yahoo know? When did Yahoo find out? Why didn’t Yahoo recognise that a breach had occurred? And why does Yahoo think it was a state-sponsored attack, given the data has found its way to the dark web?

I’m sure the new owners of Yahoo, the well-respected communications company Verizon, will have many more questions.

Cyber security: who’s responsible?

Who is responsible for Cyber Security?

So just who is responsible for cyber security? Earlier this week we re-tweeted a great article from the Cyber Skills Centre about who is to blame for the current issues and challenges with cyber security in organisations.

Controversially, the author, Stuart Wilkes, suggested that responsibility resides with the IT Director and not the software provider or the criminal. Reading the article, his argument was logical and well structured. As business leaders, IT Directors have the responsibility for ensuring security is included in the design of systems, for communicating with the Board and their clients on trends within the industry, for recommending changes in process and practice in the organisation, and so on.

The article created much discussion at Risk Evolves HQ.

Should the IT Manager shoulder 100% of the cyber security blame?

Absolutely not! We’d like to go one step further and suggest that, as employers and employees, we have a major responsibility as well. Let me explain.

We were out and about the other week and stopped to use a ‘free Wi-Fi’ service at a coffee shop (we drink far too much coffee!). In order to gain access (mindful of the advice provided by GetSafeOnline), you had to share some details:

  • Email id
  • Name
  • House number
  • Postcode
  • Telephone number
  • Date of Birth
  • Gender

Wow – just for ‘free’ Wi-Fi! According to the small print, the data would only be used for ‘marketing purposes’ and you could of course unsubscribe at any time. But as consumers, would you really give this data away? Who has it? Where is it being kept? Think about what it could be used for in the wrong hands. Would you walk up to a stranger and give them a piece of paper with this information on? Perfect for ID fraud. All the information required to apply for credit cards or a bank account. Needless to say, we didn’t share our information – but would you?

Reducing the risk of cyber crime is MUCH MORE THAN JUST AN IT CHALLENGE.

March Newsletter

Fraud Risks for SMEs

Welcome to the March edition of our newsletter!

Thank you to everyone who came to see us at the Business Shows earlier this month, and to all the attendees at the seminar that we gave on ‘Why Cyber Security isn’t just the responsibility of your IT Provider’. It was a good interactive session with a lively debate on the challenges that companies face in understanding and dealing with the size of the risk. As we’ve highlighted in previous newsletters, cyber crime is unfortunately here to stay and prevention continues to be far better than the cure. If you missed our presentation and would like us to talk to your organisation to discuss solutions with you, then please contact us on 01926 800710.

February Newsletter

2016 Risk Predictions

January always sees a flurry of predictions of the year ahead and this year was no exception. The full report from the Institute of Risk Management is here; however, they highlight the key risks as:

  • Cybersecurity
  • Oil price fluctuations and related political instability
  • Austerity measures: continued impact
  • Disruptive business models in the financial sector
  • Bribery regulation and corruption
