Skip to main content

Former TalkTalk chief flags legacy kit as security risk

LIVE FROM INFOSECURITY EUROPE, LONDON : Dido Harding, former CEO of UK multiplay operator TalkTalk ( pictured ), warned against failing to decommission legacy systems following M&A, blaming her old company’s lack of action for a devastating data breach in 2015. Harding told delegates robust systems and immediate honesty with customers were central to protection against attacks, and minimising reputational damage if hit. During 2015 TalkTalk was the target of one of the largest data breaches in the European telecoms sector, with over 150,000 customers impacted and stinging attacks from officials and the media. Following the incident there was an exodus of customers and its share price dived to a level the operator has never really recovered from. It was also hit with a then record £400,000 fine from national data regulators. “The impact was enormous reputationally and financially,” Harding stated and, although she believed the company hadn’t done enough to protect itself before the hack, it was “not a company that didn’t take cybersecurity seriously”. She added the foundation of the company, built through M&A activity, meant it had inherited a number of old systems, many unused for years but not decommissioned: “It’s the legacy that gets you,” Harding warned. Reputation Harding told the audience the biggest risk was reputational, which was her justification for informing customers within hours of the attack through publicity in broadcast media, email and social media. Although widely criticised for her stance at the time, including by the police, Harding said she believed being “honest about it” was the best way to regain customer trust. The former executive said three months after the incident TalkTalk’s churn rate was lower than prior to the attack and in its own feedback data more customers stated they would recommend the company to a friend. These metrics, she added, were due to its approach in the immediate aftermath. However, its improved churn rate and satisfaction rates would have excluded the customer exodus immediately following the incident. Board battle Other advice given included: ensuring clear communication channels between executives and technical staff; and ensuring the board are asking the right questions about potential vulnerabilities. “Cybersecurity is a board decision,” Harding said, adding: “Still no board is asking the right question. Are we OK? The answer is no. None of us can give 100 per cent security. We should be asking what are the risks.”
Labels:

Comments

Post a Comment

Popular posts from this blog

Ring Alarm review: A great DIY home security system with the potential to become even better

Ring builds some of our favorite video doorbells and security camera/outdoor lighting mashups. Now the company—recently acquired by Amazon—is moving inside the home with a strong and inexpensive DIY home security system: Ring Alarm. It’s a fantastic product today, and Ring says it will only get better with time. Ring Alarm is positioned as a mainstream home security system, and while you won’t find a great deal of innovation here (there’s nothing like the Nest Detect sensor that comes with the much-more-expensive Nest Secure system , for example), it’s already equipped with everything it needs to grow into a comprehensive smart home system. Ring Alarm doesn’t support smart lighting controls, door locks, thermostats, garage-door openers, or other common smart home products today, and there’s a very short list of supported third-party products. But it lacks nothing needed to support those and similar devices down the road. And in an intervi...
Post a Comment
Read more

Study: Majority of U.S. Broadband Households Concerned About Security of IoT Devices

As Internet-connected devices become more ubiquitous, security and privacy concerns of end users are also on the rise. Simply installing security systems in smart homes is no longer enough. Security integrators must also consider bolstering cybersecurity measures when installing their systems. A recently released whitepaper from IoT research firm Parks Associates, titled “Residential Security and Encryption: Setting the Standard, Protecting Consumers,” reveals that 64% of U.S. broadband households are concerned about security and privacy when using their connected devices. Parks Associates also found that the majority of homeowners assume security integrators are addressing their cybersecurity concerns. In fact, a Parks Associates survey of U.S. security owners found 63% of professionally monitored subscribers believe the wireless signals from their system are encrypted, even though encryption is currently not the industry-wide standard. While the whitepaper outlines a few ...
Post a Comment
Read more

Security company in Bellevue vandalized

BELLEVUE, Neb. (KMTV) - An Omaha home security company based out of Bellevue is using its own camera to help track down a thief who stole items from outside their building. Chris Malmberg, the owner of Omaha Security Systems Inc. says an unidentified man stole nearly $300 worth of landscaping Sunday night. "The motion sensors went off and I got a notification on my phone that he was there. We saw him take the plants, we watched him drive away and then immediately contacted police," said Malmberg. "He was real nervous, but he ended up stealing shrubbery, Hosta plants, I mean - never in my life have I ever known somebody to steal landscaping." Malmberg said the plants could be replaced, but what's frustrating is that this is one of several vandalism incidents his business has experienced since OSSI moved into the building near Jefferson and Mission Ave. "We've had vandalism, we've had items stolen, or attempted to be stolen, with the security that we...
Post a Comment
Read more