Talk Talk, the telecommunications company, have come under ‘Significant and Sustained’ attacks on their system, and hackers have gathered an unverified amount of information on their customers. According to media reports, Talk Talk do not know what has been taken or how many of their 4 million customers are likely to be affected. Even with the details being fairly hazy, we can learn a considerable amount about the nature of cyber attacks and some of the companies who fall victim to them.
There Is No Such Thing As Victim Blaming
Cybercrime is not like many other crimes, of which we could say that they could happen to anybody. The targets of hackers are invariably larger companies who hold the most data. Throughout all of the media reporting, none have absolved the company of blame in the same way that the victim of a burglary or similar would be.
If a company is hacked, it is quite simply their own fault, because cybercrime is not a new or mysterious thing. It is scarily common and is something that can be mitigated against. Security experts can be brought in, firewalls put in place, and any one of thousands of other actions taken to try to stop hacks occurring. It seems that Talk Talk did not heed the warnings, which we will go into in another point.
When a customer hands over their data to a company, the company has a duty of care for that data, and by allowing hackers to access their system they have catastrophically failed in this duty.
Many Hacks Are Not About Data Directly
It was previously thought that the reason for hacks in general was for criminals to get hold of personal information from the data they stole. Credit card details, passwords, etc. would be stolen from individuals and then used to steal money and identities from them.
However, banks, credit card companies and even email address providers have wised up to a lot of these actions and instead it seems that the primary motivating factor of hackers today is simply to steal information and then hold it to ransom.
As I write this, there is information coming out that Talk Talk have been contacted by the hacker or hackers to demand money to not release the data, which looks to back up this thought. We even saw with the Ashley Madison hack that the ransom demands weren’t monetary; the hackers were simply trying to influence the company to take specific action.
In that case, due to the company not complying, the data was released and the damage was made considerably worse, which may actually strengthen the position of hackers in the future. It showed that these were not simply empty threats and that hackers were willing to follow through on them.
Some Companies Do Not Learn
The most painful thing we get from this hack is simply that some companies do not learn.
With some companies, although they have not taken the time to fully research and implement security effectively, their lack of preparedness could be put down to them not having been in the firing line in the past. If you are attacked once you normally take note and beef up your security instantly.
Talk Talk have had not one, but two hacks in the last 18 months that are currently being investigated by the police. This means that not being aware that their system had flaws isn’t an excuse, and in the 2.5 months since the last attack they have not put themselves in a position to effectively protect their customers’ data.
Possibly worse than this, they have admitted that some of the data that was stolen wasn’t encrypted, despite the two previous attacks. This makes it much easier to steal and use, so the question needs to be asked: why did they keep this data in this form?
This makes this data loss inexcusable, but we can learn one thing from it, namely that companies who ignore the safety of their customers’ data are likely to be punished. Hopefully many will learn from this hack and the repercussions that Talk Talk are likely to face.