How the TalkTalk Data Breach Could be a Blessing in Disguise

On the 21st October 2015, telecom giant TalkTalk was hacked. With the personal data of 4 million customers in jeopardy, the attack served as another stark reminder of the reality in which we now live. Luckily for TalkTalk, the resulting damage was relatively minimal. 156,959 customers were affected, with 15,656 having their bank details hacked – most of which remained safe from fraud because the codes were not enough for the hackers to make payments.

The damage was still considerable, however, as people’s trust in security plummeted and TalkTalk estimated the financial hit of the attack to total around £35 million in one-off costs. According to the company’s CEO, Dido Harding, that figure covers the response to the incident, the increased volume of calls into the call centres, and the IT and technology costs. It also accounts for 3 weeks’ worth of revenue lost as a result of online sales sites being down.

Two months on, we are beginning to see the silver lining in this unfortunate scenario. The attack on TalkTalk has kick-started a long-awaited campaign for organisations and authorities to recognise the importance of cyber security and the serious repercussions that can come from a breach of any scale. A UK parliamentary inquiry into the security of personal data online has been launched, and in the EU, new data protection laws are being discussed and reform plans are being made.

In its autumn statement, the UK government pledged £1.9 billion to cyber security, which will include a National Cyber Centre in GCHQ as well as a further two centres for innovation based in London and Cheltenham. Chancellor George Osborne says that the aim of these centres is to support talent and drive growth in the cyber security sector. The statement also mentioned programmes for active defence, as well as offensive cyber capability, signalling the role that cyber strategy now plays on the world stage.

For businesses this means tightening up on security procedures more than ever before: setting aside relevant budgets and integrating security measures into each and every layer within the company; improving cyber literacy and creating strict, consistent policies. The real challenge, however, will be encouraging organisations to make the changes as quickly as possible, avoiding bureaucratic stagnation so as to keep up with a rapidly evolving attack landscape.