Tuesday, 27 October 2015
Talk Talk gets the Tyson treatment
Common sense suggests that Talk Talk as one of the UK's major ISP's would have a good sense of the risks online poses. In fact, in a truth is stranger than fiction moment, Talk Talk Business offer security related services. which really does suggest all is not right with Talk Talk.
The news therefore that a 15 year old boy in Ireland was arrested for suspected offences under the Computer Misuse Act relating to Talk Talk and subsequently bailed until November is a mixed blessing for Dido Harding and her team of cyber security experts.
On one hand it is good news if the attack is now over as the news cycle will roll on and other matters will come to the forefront. On the other hand if this is the work of a 15 year old acting alone (and probably using easily available / free brute force type cyber weapons) it does suggest that the Talk Talk digital front door was not just unlocked but off its hinges.
In fairness when Richard Ledgett, Deputy Director of the NSA comments on the Today programme "If you are connected to the internet you are vulnerable" he does frame the problem in an honest way.
The online attack surface for Talk Talk is huge with multiple points of potential vulnerability. Given that information security is such a broad church with multiple standards (ISO, SANS, NIST, OWASP, Crest, IASME, Cyber Essentials etc) populated by a mix of ex law enforcement, IT people , self categorised "Black Ops" and others it is understandable that a busy CEO gets caught out by some of the flagrant rubbish that gets bandied about. My personal favourite is that all cyber crime is carried out by ruthless gangs of organised criminals. I am sure this exists - but perhaps mainly to add glamour to the job of dealing with it.
Realistically companies are going to need to allocate increased budgets to online security and try to ensure that those budgets are managed by people with a genuine understanding of the new ecosystem to avoid being made to look foolish (and losing 10% of their share price) by a teenager with a broadband connection and £250 laptop (and maybe a white cat ?).