29 Oct 2015
As you may already have heard, a 15-year-old was arrested for what is being called one of the UK’s biggest cybercrimes to date – the successful attack on British ISP TalkTalk last week. TalkTalk services the consumer and small business markets. The data breach suffered by the company was most likely the result of a SQL injection attack, and may have exposed data on all of TalkTalk’s 4 million customers — including their names, addresses, email addresses, phone numbers, account information, and some financial data. The company has stated that not all of the data was encrypted. Apparently the IT security team was distracted by a denial-of-service attack, during which time the data thief (or thieves) managed to access customer information. The attacker/s then issued a ransom demand, by email. They requested a payment of £80,000 (~$122,000), payable in Bitcoin, or the company’s customer records would be published, according to a report by Brian Krebs. TalkTalk’s CEO, Dido Harding, has been very open in discussing the attack with the media, but some of her comments have caused confusion in the security community, which has been trying to figure out how the attack was conducted in order to strengthen defenses elsewhere. Much of the confusion can easily be attributed to misunderstanding TalkTalk’s IT team’s findings – for example, Baroness Harding told the Financial Times it was a “sequential” attack, when discussing a SQL injection attack. No one expects a CEO to be a tech expert, but the arrest of such a young suspect and the seemingly unsophisticated methods used to successfully attack TalkTalk are obviously of concern. Harding has stated that the company probably should have invested more into cyberdefense, but also added that “no system is free from vulnerabilities.” Harding also told the Daily Telegraph: “Do I wish I had done more? Of course I do. But would that have made a difference? If I’m honest I don’t know. This is happening to a huge number of organizations all the time. The awful truth is that every company, every organization in the UK needs to spend more money and put more focus on cyber security – it’s the crime of our era.” In the company’s most recent annual report, TalkTalk said it “continually reviews and seeks best practice external guidance on its data security capability and invests in and implements new solutions, both to prevent and detect security breaches. In FY14, there have been initiatives including increased hardware and removable media encryption, further enhancements to the Group’s data loss prevention capability and roll-out of advanced solutions to protect customer credit card details…” There’s no benefit in pointing fingers at Harding or TalkTalk, and it is certain that no system is free from vulnerabilities. That’s why risk management is so important in securing data. You decide what absolutely needs to be protected, and focus the bulk of your efforts there while providing appropriate levels of security across the digital ecosystem. BAI Security provides an actionable security plan with several services. Our IT Security Assessment consists of a comprehensive evaluation of key technologies, systems, and personnel within an organization to identify vulnerabilities that can lead to a compromise of data assets and/or intellectual property. This approach has a more fundamental focus on identifying real-world security weaknesses, rather than just conforming to minimum compliance requirements. Our compliance Controls Audits and Risk Assessments evaluate an organization’s existing policies and procedures against applicable compliance and legal standards. Additionally, the audit identifies reasonably foreseeable risks that could lead to service interruption or unauthorized disclosure, misuse, alteration, or destruction of confidential information. Our Compromise Assessment service is, at its core, a forensic audit of all the endpoint devices (servers and workstations) in an organization to determine if a breach has already occurred. This service can identify various types of undetected malware, including those that have contributed to many of the data breaches in recent headlines. We also offer Compromise Assessment as a managed service, providing continual monitoring of the environment to identify suspicious activities that could lead to a breach.