Figures have shown that SMEs are particularly vulnerable to cybercrime as they are seen as easy targets. But cyber criminals also like a challenge, which is why they will try and break into larger firms – with some even taking on government bodies like the CIA. These departments, along with global corporations, are expected to have the most sophisticated security systems in place to protect their data, so it undoubtedly makes headlines when they find themselves victims of online attacks. Yahoo and TalkTalk are two such firms which have recently made the news after hackers breached their systems. Such cases demonstrate how important it is to have the right protection in place and show how any business is at risk – even global multinationals.
News of the Yahoo breach made headlines across the globe when it was revealed that data held on around 500 million users had been accessed by hackers. The details the criminals got hold of – which covered around 8 million UK users – included names, emails, phone numbers, dates of birth and unencrypted security questions and answers.
The attack happened in 2014 but the technology company only revealed details of it in September last year as the FBI confirmed it was investigating the breach. Yahoo users were urged to change their passwords if they hadn't done so since 2014.
Just a month later, in October, UK-based telecoms giant TalkTalk was handed a record fine for security failings that allowed a cybercriminal to access its customers' data "with ease". The Information Commissioner's Office (ICO) issued the £400,000 penalty after finding the attack in October 2015 could have been prevented if TalkTalk had taken basic steps to protect customers' details.
In its investigation, the ICO found the hacker had accessed the personal data of 156,959 customers, including their names, addresses, dates of birth and phone numbers and, worryingly, in 15,656 of these cases had managed to get hold of people's bank account details and sort codes.
The hacker had breached TalkTalk's systems using an SQL injection, in which crafted input submitted through a web page is executed as part of a database query to access data – an attack TalkTalk should have been able to guard against, the ICO said. In conclusion, the ICO said the company failed to have the appropriate security measures in place to protect the details it was responsible for.
Both TalkTalk and Yahoo came under fire after news of the attacks emerged. Experts and commentators questioned why it took Yahoo so long to confirm details of its hack, how many users had been put at risk, and why the internet giant had waited so long to tell its users and prompt them to change their passwords.
Yahoo claims the attack was carried out by "state-sponsored" hackers and said this kind of online intrusion has become "increasingly common" across the technology industry.
TalkTalk, meanwhile, apologised in the immediate wake of its attack and in a letter to customers said it took any threat to the security of clients' data "very seriously". The telecoms giant was criticised, however, as the October hack came after two previous attacks on the firm.
Recovering from a cyberattack is a difficult process but there is some knowledge that can be taken from it – such as discovering where the weaknesses in your system are and how they can be strengthened. It is a safe bet to assume security experts at Yahoo and TalkTalk would have been asking the same questions.
Cybercrime can be devastating for a business and, as the above cases have proved, any firm is at risk, so it is imperative companies have the best safety systems possible in place. And for those who have unfortunately fallen foul of hackers, finding out how it happened can better prepare you for the future.
As technology and safety systems develop, hackers and fraudsters are coming up with ever more inventive ways of attacking companies and their data, so having the most up-to-date and robust policies in place is important to minimise risk and vulnerability.
At the same time, however, more basic systems must not be overlooked. As demonstrated by the TalkTalk attack, hackers will look for an easy way into systems, and if these routes are not covered they can be easily exploited.
PAV i.t's experts can help strengthen your existing security systems or put in place a bespoke protection package. To find out more call us on 01273 834 000 or complete our enquiry form.
Author: Jason Fry, Managing Director at PAV i.t. services