When it comes to protecting the private information housed within your company’s network, it’s been proved time and again that no business can afford to overlook the damage that a cyberattack can do. It’s also worth bearing in mind that an attack can originate from anywhere and, sometimes, the culprit can be a surprising one.
Following the news that British phone and broadband provider TalkTalk had suffered a “significant and sustained cyberattack”, it has since been revealed that a 15-year-old boy has been arrested in Northern Ireland in relation to attack.
The cybercrime, which took place last week, has led to the possible compromising of information relating to more than four million customers. The information includes bank account details and sort code numbers, which could have potentially devastating economic repercussions for those affected. Following the news of the attack, shares in TalkTalk fell by 12% and some customers reported that money had already gone missing from their accounts. It has since emerged that the company could face claims amounting to millions of pounds from the victims. The fallout from the attack, and the drop in shares, has seen the company lose around £360m since last Thursday.
While the investigation continues into how the attack was carried out, the company first indicated that it suffered a sustained DDoS attack – a distributed denial of service attack where a website is bombarded with waves of traffic. This was accompanied by an SQL injection, which is a technique where hackers gain access to a database by entering instructions in a web form. This type of attack is very easy to protect against and some industry experts expressed their surprise at an attack of this form being successful considering the advancements of IT security solutions.
This isn’t the first time that TalkTalk has been the target of cybercrime. In less than one year the company has suffered three security breaches and Dido Harding, TalkTalk’s CEO, stated that she believes all firms are at risk of cybercrime, in what is becoming the “crime of our era”.
“This is happening to a huge number of organizations all the time. The awful truth is that every company, every organization in the UK needs to spend more money and put more focus on cybersecurity – it’s the crime of our era.”
Investigations are currently being carried out by the Information Commissions Officer (ICO) and the Metropolitan police, as doubts begin to surface over whether the company was properly protected or not. An ICO spokesperson stated that “organizations do need to make sure they have the appropriate level of security in place to protect the customer information they hold. If they don’t, we will act.”
With this in mind, a cyberattack on your company won’t just affect its reputation and standing in the industry. It also has the potential to be financially damaging and can lead to long-term trust issues with customers, so we recommend avoiding these common errors committed by other companies in the fallout of a data breach.