TheMarketingblog

Blunders: Expert comment on the Talk Talk cyber-attack … Darren White, Agari … Mark Skilton, of Warwick Business School

TheMarketingblog has sourced this expert comment on the Talk Talk cyber-attack.

Mark Skilton, of Warwick Business School, is a Professor of Practice of Information Systems and is an IT consultant.

Professor Mark Skilton said: “Large scale data theft is increasingly big business for professional cyber criminals. The value of personal identity data records and account details is increasingly high as it can be used in masquerading identity to commit theft of other data; or give direct access to personal bank account money and fraudulent transactions.

“It was reported that some of the Talk Talk data was not encrypted, suggesting again that lessons have not been learnt on controlling sensitive content. This is a reoccurring theme of data breaches and shows a lack of strong data controls.

“Talk Talk appear to have learnt the lesson of a quick media response to manage the damage to reputation that Sony, Target and others suffered after delaying days and weeks to tell customers, which compounded the damage to their brand.

“Talk Talk have alerted banks to the theft but this is too late as it will already be on the move in the cyber-criminal community. All that can be done now is to rapidly change the ‘locks’ and identity management of the millions affected but that’s not easy.

“For customers, if your Talk Talk username is your email address and you use that email and password combination anywhere else, change it immediately wherever you use it. And make your Talk Talk password unique to that site from now on. The attackers may still be in there.

“Check frequently for odd activity on sites where you use the same Talk Talk log-in credentials. Go back over your online bank account and check for any transactions you don’t recognise.”

 

More comment..

TalkTalk’s website has been the target of a cyber-attack, and over four million UK customers’ banking details and personal information could have been accessed.

With TalkTalk planning to contact its customers through email, Darren White, VP of EMEA at Agari, comments below on the challenges of contacting customers through email following a data breach:

“The one-two punch of a data breach means that the worst may not yet be over for TalkTalk customers – identity theft rates exceed a quarter of customers of breached organisations, and the details that hackers have accessed in this breach make these victims a prime target for further damage. If email addresses have been leaked, cybercriminals will now be jumping at the chance to target TalkTalk customers with spam or phishing efforts in an attempt to steal additional personal information.”

“The key for TalkTalk is to now rebuild customer trust in its breach response.”

“Firstly, keep it simple: TalkTalk must choose one simple, easily communicated email address that’s easy for customers to remember for post-breach communications.

“It also must be clear how the email will direct them to take action – but it must never ask them to click a link in the email. TalkTalk must also further introduce security controls and solutions that monitor for any authorised communications referencing its brand and ensure only authenticated emails from their brand reach their customers.”

“Finally, this plan must be communicated clearly to customers through the media and social channels, including when and from which email address communications will come, expectations for the content in the emails, and clarification of the action that needs to be taken. Only by having an effective and secure post-breach email response plan can consumers regain trust in the brand.”