TalkTalk has learnt from its mistakes after suffering an avoidable cyber attack last year, and other companies should take note too
“It goes a lot deeper than security,” said the TalkTalk chief executive Dido Harding, and indeed it does. The devastating cyber attack which exploited the data of thousands customers of TalkTalk, the UK telecommunications company, highlighted how many businesses have failed to recognise the severity of computer hacks and the high chance of suffering from one.
Beyond the clear lack of proper security measures in place to protect consumer data, the attack also highlighted concerns surrounding how the company operated. This was particularly so after the chief executive was asked about the measures used to secure its customers data in which she gave, disappointingly, limited answers.
Things look to be changing for the better now though. “The business needs to mature in the way it operates. We are running a much bigger, established business,” said Baroness Harding. It was clear that much change was needed. In the aftermath of the attack, IT security experts labelled TalkTalk’s cyber defences as weak, the role of the chief executive was questioned, the many in the company worried about its reputation and brand as fears of masses of customers leaving the company would become a realistic threat.
However, it seems like TalkTalk has learnt its lesson, and has managed to survive damage the attack caused. Though it was not just the telecommunications company which faced scrutiny; regulators were also blamed for failing to properly incentivise companies handling masses of consumer data with care to implement sufficient security measures, such as encryption and the tokenising of bank numbers and codes.
After the events, the company provided regular updates to the public as it investigated the data breach. The chief executive was able to recognise that her company was too laid back when it came to cybersecurity, but now says that it will become a much higher priority. In addition, Baroness Harding wants the government to make it mandatory to report data breaches, a valid point. Overall though the tale of TalkTalk should remind everyone that cybersecurity should never be neglected.