TalkTalk: Thorough and regular website testing essential for cyber security

It was revealed this week that the TalkTalk data breach will cost the company £35 million.

In total, two million pieces of personal and account data were accessed.

The costs can be broken down as follows:

  • responding to the incident;
  • calls into TalkTalk’s call centres;
  • additional IT and technology costs;
  • lost revenue due to websites being down.

Last week, the company disclosed that “just” 157,000 of its customers’ details were accessed.

This means that 157,000 customers are at risk of fraud, although the company maintains none are at risk of direct fraud of their banking cards.

The biggest risk to these customers now is their susceptibility to phishing scams.

TalkTalk has warned its customers to be vigilant against phishing attempts to obtain further personal information.

SQL injection

The company disclosed that the attack occurred through a SQL injection attack of its website, a very basic form of attack that has been known for over ten years. According to security experts, one reason that SQL injection is possible is that security is not sufficiently emphasized during the development of websites.

Website testing and vulnerability scanning is an important part of any security regime, and provides a cost-effective way to assess whether your websites are secure against known vulnerabilities.

Cyber Essentials is the new UK Government certification scheme that provides a framework for organisations to implement to improve their cyber security, such as implementing controls to ensure software is updated regularly, and testing websites and web applications through vulnerability scans. The basic level of Cyber Essentials certification includes an external vulnerability scan of the Internet-facing networks and applications, as mandated by CREST-accredited certification bodies for the Cyber Essentials scheme. This scan is used to verify that there are no obvious vulnerabilities present.

Cyber Essentials certification will enable you to:

  • Protect your business from the most common forms of cyber attack.
  • Show your customers you’re serious about cyber security.
  • Get your website and networks independently tested for vulnerabilities.
  • Take action to fix any identified problems.
  • Win new business and beat your competitors at it.

Find out more about getting started with Cyber Essentials by downloading this free paper now.

CE banner kid with laptop

2 Comments

  1. Ian Johnston 17th November 2015
  2. Dr. Paul Kendall 17th November 2015