Absolute cyber security a myth say experts in TalkTalk aftermath
Cyber attacks such as the one on telecoms firm TalkTalk are inevitable in the modern age, according to cyber experts, and as a result businesses must work harder at protecting the data they have.
Michala Hart, the head of channel strategy at cloud computing firm Exponential-e, said no individual or business is ever completely safe online. “Once again, this latest attack shows that it’s not a matter of if you’ll be hacked but when.
“It’s important to remember that in a digital world, absolute security is a myth. As security evolves, so do hackers and the very flexibility in the software that we’ve come to embrace creates a problem. As complexity and connectedness increase, so do the avenues of attacks so all businesses need to be prepared.”
There has also been criticism of the security TalkTalk – and other businesses – use on their internal systems. Brian Spector, head of security firm CertiVox said: “Whilst it is too early with too little information released yet by TalkTalk for a more detailed analysis, the attack vectors commonly used to initialise attacks of this magnitude are to gain access by stealing employee credentials.
“The credentials are still all too often simply user name and password. What the attacker knows: when a password, irrelevant of how complex the password may be is successfully stolen, the attacker can get access to internal systems and work their way to sensitive information – and steal it all.
“The underlying issue is that the username and password system is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today. Providers that claim, ‘we are doing everything we can’ to protect customers’ data and consider passwords to be part of that protection are in the news all to often unfortunately.”
Experts also warned TalkTalk customers against responding to any emails they receive from unknown sources, especially those that contain web links, as this could be a “phishing” attempt to obtain more data from already breached accounts. TalkTalk customers are also being encouraged to change their passwords on any accounts where they use the same details as with the telecoms firm.