TalkTalk is the latest in a long line of high profile businesses to undergo a ‘cyber attack’ as they call it. A real pattern is emerging of how these matters are managed in the public domain and it is interesting to note there is no use of the dreaded “hacked” terminology in their reports and messages.
They are now in that incredibly tricky position of knowing intruders have been in – but not being quite sure what they have left with in their bag of electronic ‘swag’. It is now that the executive team discover just how convoluted the investigations can be and the awful fact that there is the potential to never know exactly how they got in or what was taken. At a time when everyone is seeking certainty, the challenge of a cyber crisis such as this is that conducting investigations as to where hackers have been on your network, particularly if it is integrated across key platforms, can be a very, very long process. It can be quick if fortune smiles on you but there are no guarantees.
Meanwhile, the world wants to know exactly what has been lost and to be personally told what they should do and what risks they face. The longer you are unable to provide this information, the more uncertain, if not incompetent, you look in the harsh light of the media spotlight.
Talk Talk is not the first – and will certainly not be the last – but this current tale raises even higher on the agenda whether businesses which manage public data in any way should be more tightly regulated or provide greater levels of assurance in some way to having the required levels of defence to best defend our much valued information.
Hackers have entered TalkTalk’s network and, seemingly, left with our data in their bags – it is described as “a significant and sustained cyber attack on our website” – very emotionless language but in fact could be far better called a ‘hack of their network’.