Expert comment: TalkTalk cyber-breach

Experts comment on the TalkTalk cyber-breach.

For the third time, UK telecoms provider TalkTalk has fallen victim to a cyber-breach and there could be as many as four million customers affected. Was it an inside-job? Is TalkTalk handling it right? Here at IDG Connect we gathered some experts to give their take on what happened and whether TalkTalk will be able to recover.


An inside-job?

Mark Rodbert, CEO of Idax Software

Unlike with Ashley Madison a few months back, the team at TalkTalk is suggesting that the breach is an external issue. Typically companies blame cybercriminals in order to quickly take the blame and pressure off themselves. For breaches to happen three times in one year though, I'd be surprised if there wasn't some sort of internal involvement, either unwitting or deliberate. Companies prefer the idea of the evil genius hacker to the trusted employee gone rogue.

How did the hack happen?

Raj Samani, CTO for Intel Security EMEA

Initial reporting suggests that this attack leveraged DDoS as a potential smokescreen to hide the cyber criminals' ultimate goal – data theft on a huge scale. While it is too early to draw conclusions, we know from previous incidents, such as Operation Troy, that this tactic has been successfully used in the past. Whatever the attack method used, potentially affected customers will understandably be more concerned with finding out whether their data has been compromised.

Will TalkTalk’s reputation be able to recover?

Gerard Bauer, VP EMEA, Vectra Networks

Unfortunately, consumer confidence in the TalkTalk brand and services may now be threatened, especially given this is the third time TalkTalk has been the victim of hacking in the last year. The company may also have further liabilities and costs they have incurred from these breaches. For example, it has been working to put in place credit and fraud monitoring for every customer in the past 13 months.

Stephen Attree, Managing Partner at MLP Law

The Ashley Madison breach affected loss of trust and so on. It depends on the nature of the business. Businesses need to review their crisis management plan to be able to deal with it, and we help clients with that. Reputations can recover and I think TalkTalk will survive.

A warning to companies

Richard Parris, CEO of Intercede

It really is time that these major businesses gave the issue the attention it deserves – they need to stop relying on simple password-based authentication and to start applying enterprise-grade solutions. Protecting customers’ private data should be a top priority for any organisation. Failure to demonstrate that adequate safeguards are in place will inevitably result in customers, and revenues, disappearing.

What customers should do next…

David Emm, Principal Security Researcher at Kaspersky Lab

I would recommend that all TalkTalk customers take the opportunity to change their passwords - including changing them on any other sites where the same password has been used. It’s a growing concern that many use the same password and personal details across multiple online accounts, meaning if their details have been compromised by one attack they could find other accounts suffer too.

On how TalkTalk handled it

Richard Beck, Head of Cyber Security at QA

TalkTalk should be applauded for their approach in dealing with this particular incident and declaring it to the public within 24 hours. Carphone Warehouse and T-Mobile had a much lengthier delay before informing the public about any breach. I think [TalkTalk’s] approach in this particular incident is good.

Organisations are still failing to be as prepared as they could be. Teaching organisations how hackers think and operate will help them be better prepared. Only by thinking about what hackers would do can you plan for the inevitable.