What can telcos learn from TalkTalk’s recent data security breach? – Part 2

Kevin Foster, testing services manager, MTI Technology

Last month telecom giant TalkTalk became the victim of a cyber attack in which hackers accessed its customers' personal data. Cybercrime is big business for hackers and it's on the rise. Research by the Ponemon Institute shows that in 2014, the average loss to companies in the case of data security breaches was US$3.5 million. With the UK now the top target for cyber criminals, securing data has never been more important.

Reports suggest that the hackers launched a Distributed Denial of Service (DDoS) attack as a distraction tactic, while the actual data theft was carried out via SQL injection, says Kevin Foster, testing services manager, MTI Technology.

With hindsight, and learning from the TalkTalk case, what precautions can organisations take to protect their data from a similar attack?

  • Code all web applications in line with a Secure Software Development Lifecycle (SSDLC). Addressing vulnerabilities such as those described in the OWASP Top 10 and SANS/CWE Top 25 during the application development process will significantly decrease the risk of attack.
  • Test all web applications and externally visible hosts. An external penetration testing organisation can regularly test for flaws at the network, server and application levels. Be sure to address any detected issues and vulnerabilities immediately.
  • Use Web Application Firewalls (WAFs), Intrusion Detection and Prevention (IDP/IPS) and Data Leakage Prevention (DLP). Keep in mind that these should be used in conjunction with DDoS solutions, not as an alternative. Using these applications and solutions in unison rather than in isolation can help both detect and block attacks.
  • Encrypt all important and sensitive information stored in file shares and databases. This adds a further layer of security and so increases the protection of critical data in the event of a breach.
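The SQL injection route mentioned above is the kind of flaw the first bullet's secure-coding advice (OWASP Top 10, CWE Top 25) is meant to eliminate. The following is an added example, not code from the original article or from MTI Technology: it builds a small in-memory SQLite table of constructed sample customers, and shows a lookup written with string concatenation next to the same lookup written with a bound parameter. The table, column names and the sample input strings are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data: three customer rows across two tenants.
SAMPLE_ROWS = [
    (1, "alice", "alice@example.test", "acme"),
    (2, "bob", "bob@example.test", "acme"),
    (3, "carol", "carol@example.test", "globex"),
]


def make_db():
    """Create an in-memory SQLite database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER, name TEXT, email TEXT, tenant TEXT)"
    )
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, tenant):
    """Before: the caller-supplied value is pasted into the SQL text, so the
    database parses whatever the caller sent as part of the statement."""
    sql = "SELECT id, name, email FROM customers WHERE tenant = '" + tenant + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, tenant):
    """After: the value is bound as a parameter. The statement's structure is
    fixed before the value is seen, so the input can only ever be data."""
    sql = "SELECT id, name, email FROM customers WHERE tenant = ?"
    return conn.execute(sql, (tenant,)).fetchall()


def demo():
    """Run both lookups with a normal value and with a constructed tautology
    string, and report how many rows each returns."""
    conn = make_db()
    normal = "globex"
    hostile = "' OR '1'='1"  # constructed input; closes the quote and adds a tautology
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, normal)),
        "vulnerable_hostile": len(lookup_vulnerable(conn, hostile)),
        "safe_normal": len(lookup_safe(conn, normal)),
        "safe_hostile": len(lookup_safe(conn, hostile)),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable lookup returns every row for the hostile input because the tautology is evaluated as SQL; the parameterized lookup returns nothing for it because the whole string is compared as a literal tenant name. This is exactly the check a code review or an external penetration test against the web tier would look for.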

Separate functions and access so that hackers are unable to decrypt data via the same process or access point they compromised. Instead, a separate form of internal access should be required to decrypt on a per-record or per-transaction basis, with rate-limiting functions in place to alert on, and prevent, the extraction of large volumes of database records.
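As an added illustration of the separation and rate limiting described above (this is example code, not MTI Technology's or the article's own), the block below keeps the data key inside a separate decryption service, lets the web tier hold only ciphertext and request one record at a time, and makes the service count requests per caller in a sliding window, raising an alert and refusing once the allowance is exhausted. The cipher is a constructed stand-in built from HMAC-SHA256 so the example runs with the standard library alone; a real deployment would use a vetted AEAD such as AES-GCM with the key held in an HSM or KMS. All names, thresholds and sample records are assumptions.

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict, deque


class RateLimitExceeded(Exception):
    """Raised when a caller exceeds the per-window decryption allowance."""


def _keystream(key, nonce, length):
    # Constructed demo cipher: counter-mode keystream derived with HMAC-SHA256.
    # Stands in for a vetted AEAD (e.g. AES-GCM); not for production use.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(key, plaintext):
    """Encrypt one record as nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


class DecryptionService:
    """Separate internal component that alone holds the data key.

    The web tier never sees the key; it asks for one record at a time, and the
    service counts requests per caller inside a sliding window, alerting and
    refusing once the allowance is used up.
    """

    def __init__(self, key, max_per_window, window_seconds, alerts):
        self._key = key
        self._max = max_per_window
        self._window = window_seconds
        self._alerts = alerts                # alert sink; a plain list here
        self._history = defaultdict(deque)   # caller -> recent decrypt timestamps

    def decrypt(self, caller, record_id, blob, now=None):
        now = time.monotonic() if now is None else now
        recent = self._history[caller]
        while recent and now - recent[0] > self._window:
            recent.popleft()                 # drop requests outside the window
        if len(recent) >= self._max:
            self._alerts.append(
                f"ALERT caller={caller} exceeded {self._max} decrypts "
                f"in {self._window}s (record {record_id})"
            )
            raise RateLimitExceeded(caller)
        recent.append(now)

        nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
        expected = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("record authentication failed")
        return bytes(c ^ k for c, k in zip(ct, _keystream(self._key, nonce, len(ct))))


class CustomerStore:
    """Web-tier view: holds only ciphertext, never the key."""

    def __init__(self, service, rows):
        self._service = service
        self._rows = rows

    def email_for(self, caller, record_id, now=None):
        return self._service.decrypt(caller, record_id, self._rows[record_id], now).decode()


def build_demo(max_per_window=5, window_seconds=60.0):
    """Build a store of 20 constructed encrypted records and its alert sink."""
    key = os.urandom(32)  # constructed key; in practice fetched from an HSM/KMS
    plaintexts = {i: f"customer{i}@example.test".encode() for i in range(1, 21)}
    encrypted = {i: encrypt_record(key, p) for i, p in plaintexts.items()}
    alerts = []
    service = DecryptionService(key, max_per_window, window_seconds, alerts)
    return CustomerStore(service, encrypted), alerts


def bulk_extract(store, caller, start_time=1000.0):
    """Simulate a caller pulling records in quick succession; returns the
    records retrieved before the limiter fired."""
    got = []
    try:
        for rid in range(1, 21):
            got.append(store.email_for(caller, rid, now=start_time + rid * 0.01))
    except RateLimitExceeded:
        pass
    return got


if __name__ == "__main__":
    store, alerts = build_demo()
    print(len(bulk_extract(store, "web-tier")), "records before limit;", alerts)
```

The point of the design is that a compromised web process can still only ask for records one at a time, and a burst of requests trips the limiter and produces an alert for the security team rather than a silent bulk export.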

The author of this blog is Kevin Foster, testing services manager, MTI Technology
