Friday 8 January 2016

Data Breaches & IT Glitches One Week in 2016

A week into 2016, we have already seen a few security breaches and glitches hit our screens.

Time Warner Cable (an American cable telecommunications company) yesterday started notifying up to 320,000 customers of a data breach in which their email and password details were likely stolen. However, I have yet to see anything on their website or social media platforms with comms on this...
An exact account of what happened remains unclear; TWC has not yet found any indication that its systems were directly breached.
The organization learned of the problem from the FBI, which recently notified TWC that some customers' email addresses and account passwords "may have been compromised."
"We are in the process of notifying approximately 320,000 customers across our markets of the possible breach," a company spokeswoman told PCMag in an email. "The information we received from the FBI is limited but there are no indications that TWC's systems were breached."
Cited and more on this story at PC Magazine 

Most people started their 2016 working year on Monday, and unfortunately HSBC customers were faced with yet another IT glitch. This impacted customers using the banking site and mobile banking application. Customers were being told on Tuesday that they were overdrawn and would encounter a £5 charge... incorrectly, may I add.
Customers took to Twitter and other social media sites to get their complaints and views across to HSBC. 
A video was posted by the Chief Operating Officer at HSBC, John Hackett, on Tuesday evening which said: 'Sorry, Sorry for the inconvenience and frustration that many of you have suffered. This was not a Cyber attack, it was an Internal issue and at no time was your data at risk in any way. We don't want any of our Internet banking customers out of pocket.'
Unfortunately, when HSBC posted this tweet on the first occasion, the helpful link was not working... but I checked this morning and the link is up.
Now HSBC has 17 million personal and business banking customers across the UK. It is not known how many of them have been affected by the problems.
But rightfully so, MPs are demanding that HSBC explain what went wrong - amid concerns the failures "suggest a systemic weakness in infrastructure". This is not the first leading UK bank to have suffered in the past 6-12 months.
Reflection Mode 
Data breaches that we have seen over the last 2 years can have a major impact on not only your brand reputation but also your share price. Don't get me wrong: will it impact on you immediately? Maybe, maybe not, but I think it does depend on what market you are in. For example, Ashley Madison (a dating website for people in relationships - slogan 'Life is short. Have an Affair') got hit by an attack last year that saw over 32 million of their customers' details leaked. They have stated that since the attack their subscribers have grown by 4 million! This now brings it to 43 million subscribers. Take a look at Graham Cluley's blog for a good brief.
I found the below on CSO Online, which gives a good indication of how some of the companies that have hit our screens have seen a big impact on their share price a year after being hit.

However, when TalkTalk got hit last year, their share price fell by 10%. Even though the results above show that the affected companies' share prices actually went up, I would say every market is different, and unless you're one of the big boys, it's time to pull your socks up, not to mention the new EU laws or other legislation that will affect your business.

I feel that when I write these blogs I am repeating myself. Now every breach, and yes I will use 'glitch', has an impact on you, however big or small you are. It will come down to 'Has this impacted on my business?' or 'Will this?' - money talks, which of course comes down to your customers' loyalty. Thoughts going forward (and feel free to add to this): we get better by understanding and mitigating against attacks, by getting more predictive, but we need the armour to do so. With this comes incident response plans, good or great PR response and SECURITY AWARENESS/BEHAVIOUR TRAINING (sorry for the caps but it's needed...). You and your users have a massive problem because of phishing attacks and information sharing (including social media). Training needs to be done continuously. How good are the people in your business at following policies and procedures? Where are the gaps - you might think you have it covered, but do you? Are your solutions/technologies still fit for purpose? What's happening on the deep and dark web - are the cyber criminals targeting you? Worse still, is your data for sale there? The list is limitless. Where do you start? Where do you end?

I could go on but, as always, thoughts welcome...
