TalkTalk’s Data Breach



The news that phone and broadband provider TalkTalk had their website hacked on Wednesday is the latest in a string of breaches in recent years which draws scrutiny to how seriously organisations are managing their information security risks.

Speaking to the BBC, cyber security expert Professor Peter Sommer suggested rapid growth could be to blame for the breaches. Indeed, it is the third cyber attack to affect TalkTalk customers over the past 12 months.

The effects of this particular attack are huge: TalkTalk’s four million strong customer base face the news that their personal details – including credit card and banking information – might be compromised. The news triggered a huge surge in calls to their customer service team, with the resulting frustration being aired on social media.

As a result of the news, the company’s share price fell by 3.9% within days. However, the major concern for TalkTalk will be how many existing customers this will cost them in the long run, despite the offer of a year’s free credit monitoring in order to try and retain their loyalty.

Why were TalkTalk targeted?

With four million customers, TalkTalk are required to store large amounts of personal data. As a result, they and other large businesses will always be popular targets for cyber criminals. Despite Managing Director Tristia Harrison stating that the company constantly reviews and updates their systems to ensure they are as secure as possible, inevitably attacks are becoming both more sophisticated and frequent – no one is 100% secure.

This month also saw the National Crime Agency (NCA) revealing that £20m has been taken from UK bank accounts due to a computer virus known as Dridex, which worldwide has caused over $100m of losses.

The news highlights that small businesses and individuals are vulnerable because many aren’t taking simple precautions. This is despite there being a very real threat to SMEs, with Government data showing that 60% of small businesses experienced a cyber breach in 2014.

Dridex – which is a form of malware installed through spam emails – shows that huge investments in technology aren’t always the answer; in this case the weakness being exploited is simply a lack of education.

It’s also important to remember the full scope of information security. It’s not just cyber criminals that you need to watch out for; former employees or suppliers can do your business harm by accident, malicious intent, or negligence.

How can businesses protect themselves?

Government initiatives such as Get Safe Online provide lots of advice on staying secure, as well as links to useful anti-virus tools.

To help form a strategic plan on dealing with your potential information security risks, the internationally recognised ISO 27001 standard sets out requirements for placing security controls, the monitoring of their effectiveness, meeting legal obligations, and ensuring the right people have the right levels of access to certain information.

ISO 27001 is experiencing wider recognition, with the UK seeing the strongest rate of adoption worldwide due to certification to the standard increasingly being stipulated in public sector tenders. Unsurprisingly, the IT sector shows the highest amount of take-up, although recruitment firms, solicitors and other professional services companies which manage personal details are coming under increasing pressure to demonstrate they are taking the security of their clients seriously.

For more information on ISO 27001 certification, you can visit our dedicated webpage or call our award-winning team free on 0800 404 7007.