What can telcos learn from TalkTalk’s recent data security breach? – Part 2

Kevin Foster, testing services manager, MTI Technology

Last month telecom giant TalkTalk became the victim of a cyber attack in which hackers accessed its customers' personal data. Cybercrime is big business for hackers and it is on the rise. Research by the Ponemon Institute shows that in 2014, the average loss to companies in the case of data security breaches was US$3.5 million. With the UK now the top target for cyber criminals, securing data has never been more important.

Reports suggest that the hackers launched a Distributed Denial of Service (DDoS) attack as a distraction tactic. Meanwhile, the actual attack, in which the data was accessed, was carried out via SQL injection, says Kevin Foster, testing services manager, MTI Technology.

With hindsight, and learning from the TalkTalk case, what precautions can organisations take to protect their data from a similar attack?

  • Code all web applications in line with a Secure Software Development Lifecycle (SSDLC). Addressing vulnerabilities such as those described in the OWASP Top 10 and SANS/CWE Top 25 during the application development process will significantly decrease the risk of attack.
  • Test all web applications and externally visible hosts. An external penetration testing organisation can regularly test for flaws at a Network, Server and Application level. Be sure to address any issues and vulnerabilities that have been detected immediately.
  • Use Web Application Firewalls (WAFs), Intrusion Detection and Prevention (IDS/IPS) and Data Leakage Prevention (DLP). Keep in mind that these should be used in conjunction with DDoS solutions, not as an alternative. Using these applications and solutions in unison rather than in isolation can help both detect and block attacks.
  • Encrypt all important and sensitive information stored in file shares and databases. This will increase protection of critical data in the case of a security breach by adding an additional layer of security.
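The first two points above turn on the class of flaw behind the TalkTalk attack, SQL injection. The following is an added example, not code from MTI Technology or from the TalkTalk case, showing the defect beside its fix: a lookup that builds the SQL string by concatenation next to the same lookup written as a parameterised query. The customer table, the `customers` schema and the `lookup_*` function names are constructed for the demonstration; the probe string is the standard input a penetration tester uses to confirm whether the query grammar can be altered.

```python
import sqlite3

# Constructed sample data: a tiny customer table standing in for a real database.
SAMPLE_CUSTOMERS = [
    (1, "alice@example.com", "Alice"),
    (2, "bob@example.com", "Bob"),
    (3, "carol@example.com", "Carol"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def lookup_vulnerable(conn, email):
    """The defect: caller input is spliced into the SQL text, so it can change the query's meaning."""
    query = "SELECT id, email, name FROM customers WHERE email = '" + email + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, email):
    """The fix: the value travels as a bound parameter and can only ever be compared as a literal."""
    return conn.execute(
        "SELECT id, email, name FROM customers WHERE email = ?", (email,)
    ).fetchall()


def demo():
    """Run both lookups with a normal email and with an injection probe; return the four result sets."""
    conn = make_db()
    normal = "bob@example.com"
    # Probe used in testing: closes the string literal and appends an always-true condition.
    probe = "' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_probe": lookup_vulnerable(conn, probe),
        "safe_normal": lookup_safe(conn, normal),
        "safe_probe": lookup_safe(conn, probe),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Against the concatenated query the probe returns every row in the table, which is exactly the bulk-extraction outcome the article describes; against the parameterised query it returns nothing, because no customer has that string as an email address. A penetration test at the application level, as recommended above, is what catches the first form before an attacker does.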

Separate functions and access so that hackers are unable to decrypt data via the same process or access point through which it was reached. Instead, a separate form of internal access should be required to decrypt on a per-record or per-transaction basis, with rate-limiting functions in place to alert on, and prevent, the extraction of large volumes of database records.
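The last two recommendations, encrypting stored data and separating the decryption path from the access path with a rate limit, can be combined in one small design. The code below is an added example, not MTI Technology's or TalkTalk's: a `DecryptionService` class that holds the key, decrypts one record per call, refuses and records an alert once a caller exceeds a fixed number of decryptions per time window, and never exposes the key to the web-facing tier that reads the encrypted rows. The cipher is a demonstration construction built from the standard library (HMAC-SHA256 as a counter-mode keystream generator plus a separate HMAC tag); a production deployment would use an authenticated cipher such as AES-GCM from a vetted library and keep the key in an HSM or key-management service. All names, sample records and limits are constructed.

```python
import hashlib
import hmac
import os
import time
from collections import deque

NONCE_LEN = 16
TAG_LEN = 32


def _subkey(key, label):
    # Derive separate encryption and authentication keys from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    # Demonstration PRF-in-counter-mode keystream; stands in for a real stream/AEAD cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_field(key, plaintext):
    """Return nonce || ciphertext || tag for one sensitive field."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(key, blob):
    """Verify the tag first, then recover the plaintext; raise on any tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def tamper_detected(key, blob):
    """Flip one ciphertext bit and report whether decryption refuses it."""
    damaged = bytearray(blob)
    damaged[NONCE_LEN] ^= 0x01
    try:
        decrypt_field(key, bytes(damaged))
    except ValueError:
        return True
    return False


class DecryptionService:
    """Separate internal component: owns the key, decrypts one record per call, rate-limits callers."""

    def __init__(self, key, max_per_window, window_seconds, clock=time.monotonic):
        self._key = key
        self._max = max_per_window
        self._window = window_seconds
        self._clock = clock
        self._calls = deque()  # timestamps of recent decryptions
        self.alerts = []       # (time, caller, reason) records for the SOC

    def decrypt_record(self, caller, blob):
        now = self._clock()
        while self._calls and now - self._calls[0] > self._window:
            self._calls.popleft()
        if len(self._calls) >= self._max:
            self.alerts.append((now, caller, "decryption rate limit exceeded"))
            raise PermissionError("decryption rate limit exceeded")
        self._calls.append(now)
        return decrypt_field(self._key, blob)


def demo():
    """Ten stored records, a limit of five decryptions per minute, then one call after the window."""
    key = os.urandom(32)
    records = [encrypt_field(key, f"customer-{i}".encode()) for i in range(10)]
    fake_time = [0.0]  # injectable clock so the window can be advanced deterministically
    svc = DecryptionService(key, max_per_window=5, window_seconds=60, clock=lambda: fake_time[0])
    decrypted, refused = [], 0
    for blob in records:
        try:
            decrypted.append(svc.decrypt_record("billing-ui", blob).decode())
        except PermissionError:
            refused += 1
    fake_time[0] = 61.0
    after_window = svc.decrypt_record("billing-ui", records[0]).decode()
    return {"decrypted": decrypted, "refused": refused, "alerts": len(svc.alerts),
            "after_window": after_window, "tamper_detected": tamper_detected(key, records[1])}


if __name__ == "__main__":
    print(demo())
```

The point of the structure is that a SQL injection against the web tier yields only ciphertext rows: turning them back into customer data requires calling the separate service, which hands out one record at a time, stops at the configured volume and leaves an alert trail. The `alerts` list is where a real deployment would emit a log event for the IDS/IPS or SIEM mentioned earlier.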

The author of this blog is Kevin Foster, testing services manager, MTI Technology
