Opinion: After TalkTalk, What Next?

Reports that a cyber breach at UK telecoms and broadband supplier TalkTalk has compromised four million customers’ personal and financial highlights the vulnerability of most UK companies to a major hack.

Even if TalkTalk pays the hackers the ransom demand they have requested, there is no guarantee that its most sensitive customer data may not be released anyway or put up for sale to the highest bidder via the Dark Web.

This has the potential to cause TalkTalk, which has already seen its share price plummet in the wake of the well plublicised attack, significant reputational and financial damage. Some companies have already been forced into liquidation following a major breach of this nature, particularly when their unique intellectual property has been stolen or destroyed.

However, the way companies react to a major cyber breach such as that reported by TalkTalk is crucial in helping them survive this type of incident. They must strike a fine balance between keeping their customers up to date on whether their personal details have been compromised while trying to minimise any reputational damage arising from the incident.

Locate the source of the breach

It is also important that organisations discover how the security breach occurred to prevent a repeat attack, which can occur within days or even hours of the original breach if the right steps are not taken. It is a disturbing fact is that around four-fifths of cyber security breaches can be traced to sources inside the company. Sometimes this can be the work of a disgruntled or dishonest member of staff or it may be that a staff member has unwittingly clicked on a booby-trapped email attachment or had their log-in details stolen. Best practice software such as KCS Sentinel, powered by ZoneFox software, can now detect the source of any data leaks as they occur and in real time.

“The use of software tools that can provide detailed forensics, are crucial to helping them figure out what happened quickly. Speed is of the essence in order to get their own systems back in order and fix the security flaw, but also to give comfort to their customers and formulate a response,” says ZoneFox chief executive Jamie Graves.

Staff training is essential

While using up-to-date security software is crucial, staff training is also essential as many members of staff can easily be duped by sophisticated cyber fraudsters. Hackers typically target key members of staff with bogus phone calls and emails designed to trick them into revealing their log-in details and passwords. Staff using public Wi-Fi networks in cafes or hotels are also at risk from hackers.

The IT needed to sit on a public network can be purchased via the internet for around $100. The practice of BYOD in many companies has also opened a window for hackers who can easily download software from the Dark Web that is capable of breaking into most off-the-shelf devices and operating systems.

Organised criminal groups (OCGs) now also use highly sophisticated social engineering to trawl the Internet, capturing large amounts of personal data on key members of staff from websites such as Facebook before formulating an orchestrated attacking.

Typically, this takes the form of a ‘phishing’ attack, where an email appearing to come from a trusted source and requesting privileged information is sent to a targeted member of staff. A variation of this type of attack, known as ‘vishing’, comes in the form of a phone call, frequently made at the end of Friday afternoon when staff may be tired and rushing to finish work before the weekend.

The three pillars of cyber security are: firstly, deploying best practice security software – old-fashioned anti-virus protection is no longer sufficient; secondly, training staff to learn to be wary of unsolicited communications and of releasing too much personal information on the Internet; thirdly, having a clear crisis management strategy in place prior to an unexpected security breach.

Ex-MI5-chief Lord Jonathan Evans also recently suggested that organisations such as banks should also investigate the Dark Web, where many cyber attacks are being planned on secret forums and where much of the sensitive data stolen from organisations is auctioned off to the highest bidder.

The safest way to do this is to deploy third-party services such as KCS Egeria, which uses deeply embedded sources within the Dark Web who have discreet access to criminal forums and websites.

Stuart Poole-Robb is the chief executive of business intelligence and cyber security adviser, the KCS Group