Networks Europe Jan-Feb 2016 | Page 19

DATA SECURITY By Chris Pace, Head of Product Marketing, Wallix 19 Chris Pace examines the security lessons businesses should take onboard following the TalkTalk hack. Introduction A seven per cent drop in share price, £200,000 cut from its forecast numbers for customer growth and a likely grilling from a Commons Select Committee for the company’s CEO. These were just some of the consequences that mobile phone operator and broadband provider TalkTalk faced following its highly publicised hack last year. Although its share price recovered quite quickly, the hit to its reputation will take much longer to restore and the hack will have served, once again, to highlight how damaging a visit from a cyber criminal can be to a company. Deloitte predicts that 73 per cent of consumers would reconsider using a company if it failed to keep their data safe. The breach will also have made senior management everywhere fret even more about whether their own defences are good enough. And it’s not just senior management that’s fretting, which is why the UK Government has authorised an extra £1.9 billion to bolster our national defences. Strengthening Internal Access In the wake of the hack we heard all kinds of speculation about the motives of these attackers, the methods they might have used and their ultimate goals. There were experts who blamed international terrorists or Eastern European crime syndicates. Then the arrests came, police took two 16 year olds, a 15 year and a 20 year old in for questioning. It’s now clear that these attackers’ likely route into TalkTalk systems was through a vulnerability in its website that was exploited by SQL injection. Nothing new there. In fact, there is very little in terms of technology that’s new about this breach. It’s the volume of the data and the nature of the company that has really been the cause of the alarm. One man claiming responsibility for the TalkTalk breach describing the company’s security as “terrible, that’s being honest with you, horrible.” Contrast that with the words of Chief Executive Dido Harding claiming TalkTalk was “head and shoulders” better than its competitors when it comes to securing customer data. As with the Sony Entertainment hack in 2014 it may have been the weaknesses in internal security that resulted in the hackers being able to access almost the entire network and peruse the network and associated databases at their leisure. Passwords and shared accounts stored on the network in plain "The breach will also have made senior management everywhere fret even more about whether their own defences are good enough." text or that can be easily brute forced with simple tools gave hackers the weakness they needed. This is another hack that serves to highlight that securing data and systems on the inside of a network is just as important as heavyweight perimeter defences. After the initial breach, when there are few internal barriers, lateral movement and therefore damage is easy. Strengthening internal access provision isn’t just a cyber threat deterrent; it prevents the likelihood of misuse of systems by insiders, which actually accounts for the majority of data breaches. www.networkseuropemagazine.com