Skip to main content

What can we learn from the TalkTalk hack?

The TalkTalk hack is reputedly going to cost some £35 million in one-off costs, according to the company.

But it will not stop there. Reputational damage, share price drops, the loss of customer trust and loyalty, the list is likely to go on and on.

"Preventing cyber-attacks can be expensive but doing nothing to prevent them will cost considerably more, as we have seen", says Colin Tankard, managing director of data security company, Digital Pathways.

So what can be learnt from the TalkTalk debacle?

Tankard lists the following six key points to consider:

1. It seems that TalkTalk was exploited through a well-known vulnerability that would indicate poor patch management of its systems. If they could not patch, due to the age of the application, then they should have ring-fenced their server. Make sure you keep up to date with any patches.

2. Had TalkTalk been reviewing its server log data it should have been alerted to unusual behaviours. It is possible that its server team were ignorant of, or ignored, these alerts. Organisations should have multiple ways to alert key stakeholders within the business so that senior managers/governance officers/boards can question non-action.

3. It looks as if TalkTalk did not have a ‘thought out strategy’ to handle such an event. Their response to the act was slow, their approach to the press was unstructured and they allowed not only brand damage but also personal damage to its CEO, Dido Harding. All organisations should have a robust and fit for purpose disaster recovery plan to fall back on.

4. It seems as if TalkTalk had suffered four previous hacks. For context, TalkTalk has not been the subject of four hacks in the last year. In December 2014, one of TalkTalk’s third party suppliers suffered an internal data breach which meant that some limited, non-financial customer information was illegally accessed. In August 2015, Carphone Warehouse, which hosts the website alongside a number of others, was subject to a cyber attack, not TalkTalk. This should have alerted them to the fact that they needed to strengthened their defences. It is likely they thought it would not happen again. This is always a bad assumption to take. Companies should have a clear strategy with absolute support of the board.

5. The cost of a breach can be vast, as we see in this case. The lesson to learn here is that investing in the best security systems has to be ‘a must’ and not a ‘like to’.

6. Finally, the TalkTalk hack shows just how open networks are. Organisations need to start to ‘cloak’ or hide parts of their network so if one area is compromised the rest is protected. Creating a 'honeypot' in order to attract would-be hackers to a server, where they can be monitored, allows the organisation time to think through a strategy to stop the hack or to bring in law enforcement teams in order to pursue the hacker through forensic means.

Tankard adds, "The TalkTalk hack, devastating as it is, is just one of hundreds of hacks everyday. No company can ignore data security issues anymore. If they do, the consequences can be dire, as we have seen".

Colin Tankard, managing director, Digital Pathways