What can telcos learn from TalkTalk’s recent data security breach? – Part 2
Last month telecom giant TalkTalk became the victim of a cyber attack when hackers accessed its customers' personal data. Cybercrime is big business for hackers and it is on the rise. Research by the Ponemon Institute shows that in 2014 the average loss to companies from a data security breach was US$3.5 million. With the UK now the top target for cyber criminals, securing data has never been more important.
Reports suggest that the hackers used a Distributed Denial of Service (DDoS) attack as a distraction tactic, while the actual attack that gave them access to the data was carried out via SQL injection, says Kevin Foster, testing services manager, MTI Technology.
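To make the attack vector named above concrete, here is an added example (not code from the post or from MTI Technology) showing the injection flaw beside its fix, plus the two defensive checks a reviewer would expect around it. It uses Python's built-in sqlite3 module with a constructed three-row customer table; the function names, the sample data and the tautology-style input are all assumptions of this example.

```python
import re
import sqlite3

# Constructed sample data standing in for a real customer database.
CUSTOMERS = [
    ("alice@example.com", "Alice"),
    ("bob@example.com", "Bob"),
    ("carol@example.com", "Carol"),
]


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT UNIQUE, name TEXT)"
    )
    conn.executemany("INSERT INTO customers (email, name) VALUES (?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, email):
    # The OWASP Top 10 injection flaw: untrusted input is spliced into the SQL text,
    # so the database parses attacker-controlled characters as part of the query.
    sql = f"SELECT id, email, name FROM customers WHERE email = '{email}'"
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, email):
    # Fix: bind the value through a placeholder. The driver sends it separately from
    # the query text, so it can only ever be compared as data, never run as SQL.
    return conn.execute(
        "SELECT id, email, name FROM customers WHERE email = ?", (email,)
    ).fetchall()


def is_syntactically_valid_email(value):
    # Defence in depth at the application layer: allow-list validation of the
    # input's shape before it reaches the database, not a blocklist of attack strings.
    return re.fullmatch(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}", value) is not None


def excessive_rows_for_unique_lookup(rows):
    # Detection hook for monitoring: an equality lookup on a UNIQUE column can
    # legitimately return at most one row. More than that means the WHERE clause
    # the database ran is not the one the developer wrote.
    return len(rows) > 1


# Constructed input of the tautology form that SQL injection is usually taught with;
# it is the same class of flaw the post attributes to the breach.
TAUTOLOGY_INPUT = "' OR '1'='1"
```

Run against the constructed table, `lookup_vulnerable` returns every customer row for the tautology input while `lookup_parameterised` returns none, and `excessive_rows_for_unique_lookup` is the kind of cheap server-side signal that turns a silent data pull into an alert.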
- Code all web applications in line with a Secure Software Development Lifecycle (SSDLC). Addressing vulnerabilities such as those described in the OWASP Top 10 and the SANS/CWE Top 25 during the application development process will significantly decrease the risk of attack.
- Test all web applications and externally visible hosts. An external penetration testing organisation can regularly test for flaws at the network, server and application level. Be sure to address any issues and vulnerabilities that have been detected immediately.
- Use Web Application Firewalls (WAFs), Intrusion Detection and Prevention Systems (IDS/IPS) and Data Leakage Prevention (DLP). Keep in mind that these should be used in conjunction with DDoS solutions, not as an alternative. Using these solutions in unison rather than in isolation can help both detect and block attacks.
- Encrypt all important and sensitive information stored in file shares and databases. This adds a further layer of protection for critical data in the event of a security breach. Separate functions and access so that an attacker who reaches the data store cannot decrypt the data through the same process or access point; instead, a separate form of internal access should be required to decrypt on a per-record or per-transaction basis, with rate-limiting functions in place to alert on, and prevent, the extraction of large volumes of database records.
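The last recommendation combines three controls: the key lives somewhere the application's normal data path cannot reach, decryption is exposed only one record at a time, and a rate limiter raises an alert and refuses service when a caller pulls too many records in a window. The following added example (my illustration, not code from the post or MTI Technology) shows those three pieces working together in a single Python class. Everything in it is an assumption of the example: the `RecordVault` and `RateLimitExceeded` names, the constructed master key and sample records, the injectable clock, and the cipher, which is an HMAC-SHA256 keystream in counter mode with an HMAC tag standing in for a proper authenticated cipher such as AES-GCM so the block runs on the standard library alone.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


class RateLimitExceeded(Exception):
    """Raised when a caller asks for more per-record decrypts than the window allows."""


def _derive(master, label):
    # Separate keys for confidentiality and integrity, both derived from one master key.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # CTR-style keystream from HMAC-SHA256 used as a PRF. Stand-in for an AEAD
    # such as AES-GCM; the structure (nonce, counter, XOR) is what matters here.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class RecordVault:
    """Owns the keys and exposes only single-record operations; callers never see a key."""

    def __init__(self, master_key, max_decrypts=20, window_seconds=60, clock=time.monotonic):
        self._enc_key = _derive(master_key, b"enc")
        self._mac_key = _derive(master_key, b"mac")
        self._max = max_decrypts
        self._window = window_seconds
        self._clock = clock          # injectable so the limiter can be tested deterministically
        self._history = defaultdict(deque)  # caller -> timestamps of granted decrypts
        self.alerts = []             # what a SIEM would receive

    def encrypt(self, record_id, plaintext):
        nonce = os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(self._enc_key, nonce, len(plaintext))))
        # The record id is bound into the tag so one record's blob cannot be replayed as another's.
        tag = hmac.new(self._mac_key, record_id.encode() + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def decrypt(self, caller, record_id, blob):
        self._check_rate(caller)     # gate first: a refused request decrypts nothing
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._mac_key, record_id.encode() + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("record integrity check failed")
        return bytes(a ^ b for a, b in zip(ct, _keystream(self._enc_key, nonce, len(ct))))

    def _check_rate(self, caller):
        # Sliding window: drop timestamps older than the window, then compare the count.
        now = self._clock()
        granted = self._history[caller]
        while granted and now - granted[0] >= self._window:
            granted.popleft()
        if len(granted) >= self._max:
            self.alerts.append(
                f"{caller}: {len(granted)} decrypts in {self._window}s, request refused"
            )
            raise RateLimitExceeded(caller)
        granted.append(now)


def simulate_bulk_pull(total_records=30, max_decrypts=20):
    # Constructed scenario: one service tries to decrypt every record in a single window.
    vault = RecordVault(b"constructed-master-key-for-demo", max_decrypts=max_decrypts,
                        window_seconds=60, clock=lambda: 1000.0)
    blobs = {f"rec-{i}": vault.encrypt(f"rec-{i}", f"customer-{i}@example.com".encode())
             for i in range(total_records)}
    decrypted = 0
    for record_id, blob in blobs.items():
        try:
            vault.decrypt("billing-service", record_id, blob)
            decrypted += 1
        except RateLimitExceeded:
            break
    return {"decrypted": decrypted, "alerts": len(vault.alerts)}
```

With the defaults, `simulate_bulk_pull()` stops at 20 decrypted records and one alert; the caller never holds the key, so a compromise of the web tier that can read the encrypted rows still has to go through this gate, and the gate is where the volume anomaly becomes visible.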
The author of this blog is Kevin Foster, testing services manager, MTI Technology.