The Strategist

British TalkTalk fined a record 400 thousand pounds for failing to prevent cyber attacks

10/06/2016 - 14:50

British telecommunications company TalkTalk will have to pay a fine of 400 thousand pounds (more than $500 thousand) for having failed to prevent cyber-attacks directed against the company in 2015. The decision was announced by the Information Commissioner's Office (ICO).

Jochen Zick, action press
According to Reuters, the regulator believes TalkTalk was obliged to take preventive measures to protect its customers' data. "Today's record fine is a warning to others that cyber security is a concern not of IT services, but of the board of directors," the ICO said.

On October 23, 2015, the TalkTalk website came under a cyberattack. According to the agency, it affected about 4% of TalkTalk customers and cost the company 60 million pounds (more than $75 million). This attack against the provider was the third in the past year: its security system was also breached in February and August.

TalkTalk’s audience amounts to four million people. The company recommended that users of the website inform their lenders of anything unusual that could hypothetically be associated with fraud.

Later, TalkTalk said it "does not store full details of customers’ credit cards online." "Any credit card data contains a number of hidden figures, which in itself does not allow monetary transactions to be made," the company said in a statement. It also noted that passwords for personal accounts were not hacked.

Specialists at the London-based Institute of Directors (IoD) concluded that business is not serious about information security. Only 28 out of 100 victims of cybercrime go to the police.

British financial group Barclays, together with the IoD, has conducted a study on computer security. Its results showed that businesses prefer to keep quiet about cyberattacks, despite the fact that half of the hackers’ actions lead to disruption of the workflow.

Experts believe that the scale of the threat should not be underestimated. 7 out of 10 representatives of the surveyed companies said that they have received fake invoices by e-mail. About a thousand respondents said that they suspect threats exist but are not ready to confront them. Nine out of ten business leaders are aware of the importance of computer security, but only half of them (57%) have introduced protective measures. Only 20% of respondents have insured risks related to potential damage from computer crime, and 68% of respondents have heard of the British national center to combat cybercrime (Action Fraud Aware). The rest know almost nothing about the state’s measures to combat computer crime.

The reason for this may be that managers are often not informed about problems because employees do not talk about them. This is confirmed by a survey conducted at the RSA Conference: only one out of seven employees responsible for information protection reports dangerous situations to the general director.

At the same time, 74% of companies said that they could be a potential target of cyberattacks in 2016, and 30% said that they see hacking attempts every day. The share of experts who are confident in their ability to identify attacks in a timely manner and respond to them adequately decreased from 87% to 75%. The level of awareness among employees directly responsible for information security is extremely poor: 24% could not answer the question of whether there were cases of theft of user credentials in 2015, 24% do not know exactly who carried out the attack, and 23% do not know whether their company suffered targeted complex attacks from hackers.