Skip to main content

Three data breach: Industry reaction and analysis

The big news so far today has been the admission by mobile operator Three that it suffered a data breach, as hackers accessed customer information in an attempt to steal handsets.

In light of the reports, various industry professionals have offered their reactions and analysis.

Andersen Cheng, CEO of Post-Quantum:

"Over the last few years scores of businesses have been brutally exposed to insider threats, often with devastatingly public consequences. This is because too many digital security offerings are deployed primarily to protect against external threats and as such, are insufficient when it comes to dealing with attacks that happen from within an organisation.

"Three is just another example in a long line of similar incidents, including most recently Tesco Bank and at a larger scale Mossack Fonseca, the law firm at the centre of the Panama Paper leaks. All have one thing in common – a single point of failure from within their organisations that was readily exploited. Organisations must reconsider how they protect their highest-value data and intellectual property and who accesses it as there is a risk someone who works at the company was either part of a criminal gang, or was careless with critical logins. They have to assume data will be stolen or compromised, however secure they may seem and however loyal an employee may be."

David Kennerley, director of threat research at Webroot:

“This is attack has echoes of the breach TalkTalk suffered and highlights the fact that organisations are still not learning from the mistakes of their peers. A recurring theme were are seeing with these breaches are that the organisations aren’t discovering them first. In Three’s case they were alerted once their customers complained of scam calls and earlier this week AdultFriendFinder only discovered they’d suffered an attack once details was leaked online.

"All companies, especially those dealing with sensitive customer data – must balance their security resources against their risk tolerance, and look at threat intelligence solutions that provide them with the greatest scope of protection. One thing is clear, the rate in which these breaches occur cannot be tolerated and all organisational need to assess if their customer data is really secure.”

Dr Jamie Graves, CEO of ZoneFox:

"While details are still emerging around the Three attack, most suggestions point towards the fact an employee login was used to gain access to critical information. This is seriously worrying for Three and highlights the danger of insider threats, which in effect open a backdoor for criminals to burst through and get hold of highly sensitive customer data.

"Attacks like this often happen stealthily and wreak havoc rapidly – it's important companies become more alert to such breaches and realise that they are all vulnerable. Too many businesses focus on threats that come from outside their organisations, which while a warranted focus, simply does not cover all their bases.

"Insider threats can stem from both malicious behaviour from within, but also through unintentional carelessness from even the most diligent of employees. Organisations like Three must ensure they are educating all staff to the importance of secure login details, but also go a step further and ensure they have visibility and control of data flow, within the organisation, so that any unusual or suspicious behaviour can be immediately uncovered and combated."

Dan Panesar, VP EMEA at Certes Networks:

“The Three breach bears the hallmark of every major data breach of the last decade – hackers have stolen credentials to gain unauthorised access to sensitive data. They can then bypass firewalls, intrusion detection and a host of other defences becoming a ‘trusted’ insider at which point traditional cybersecurity defences are rendered useless. It means that anyone at all within an organisation can become the steppingstone to a goldmine of sensitive data. 

"The only way to halt such breaches is for the industry to rethink trust. The industry needs to adopt a “Zero Trust” model in which it is assumed that every user might be compromised, and that no user is implicitly trusted. Any user might be a hacker in disguise. Organisations must adopt a ‘need to know’ access strategy, meaning users can only access the data they need to do their job.

"This means that when, not if, a hacker does pass a company’s outer defences, as has happened time and time again, they do not have free rein over the systems of a company holding the personal data of millions of customers.”

Greg Sim, CEO of Glasswall Solutions:

"The cyber-attack really highlights the constant threat companies face from cyber criminals and the importance of robust and measurable cyber security system across all areas of their IT systems. This is a 24 7 challenge that is not going to go away and as custodians of customer data and financial information companies must put cyber security front and centre in their business and technology planning.

"It’s no longer good enough to simply roll out the usual security products and assume that you will be safe, by their own admission the anti-virus industry have accepted that they cannot stop a targeted and sophisticated malware attack and an entire industry has grown out of the forensic analysis and damage limitation tasks. But by the time this process takes place it could be too late and customer data is compromised. Organisations need to look to innovation to secure their systems and protect their customers."

Thomas Fischer, threat researcher and security advocate at Digital Guardian:

"Insider threats are almost always preventable if the right people management processes and tools are in place. This is the case even if the employee is a so-called reluctant insider, meaning that, for example, an external party has compromised their account. There are numerous technologies out there designed to combat insider threats and small investments can go a long way. 

"Deploying data-aware cyber security solutions removes the risk factor associated with the reluctant insider threat because even if a hacker has legitimate access to the data, they are prevented from copying, moving or deleting it without approval. The issue is that companies continue to spend millions on blocking technologies that simply do not do the full job. Until the right investments are made in more advanced threat detection and prevention, hackers will remain one step ahead.”

Paul Lyden, VP Northern Europe at Barracuda Networks: 

"All businesses have a duty of care to ensure that they have robust security systems in place to protect their own and their customers’ data. The latest hack against Three highlights that not enough is being done to get the correct security procedures and systems in place. We are entering a golden age for digital crime. Experience tells us that when faced with a potential security incident, companies and IT security teams must over-communicate the threat, advise staff accordingly and review their security posture to prevent and contain any damage.

"Businesses have injected change at accelerating speed into all elements of IT and many organisations are fighting an increasingly challenging battle to keep their security stable. It has now become easy for attackers to find an unprotected door.”

Image source: