Last week it was revealed that UK telecommunications company TalkTalk suffered a data breach in 2014, where customer details—such as account numbers, names and addresses—were stolen. The stolen details were then used by scammers to trick people into believing they were being contacted by the company. TalkTalk has said that the information stolen was “non-sensitive,” and it believes the attackers were able to access TalkTalk’s internal systems via a third party that also had access to its network.
We see it time and time again. If an attacker wants to get in, they will. This TalkTalk breach highlights the importance of organizations ensuring not just that their own security policies are up to scratch, but also those of their third parties. TalkTalk has done a great job in reacting to the situation by investigating when unusual events were reported, and then quickly informing customers of the situation. It’s now clear just how important it is to have the ability to identify and respond to threats in as little time as possible.
While it seems TalkTalk has responded relatively quickly, the breach came to light through a rise in complaints from customers rather than through the company itself identifying unusual activity on its networks. Most organizations currently operate in a mode where the time it takes to detect and respond to threats is months—or weeks at best.
In order to ensure that damage is limited, and to avoid becoming the next breaking news headline, businesses should aim to reduce this time to hours or minutes. Traditionally, organizations have taken a relatively reactive approach to cyber security, but faced with the sophisticated threats of today, this needs to change. However, there is so much noise on the network these days, with vast quantities of data moving around at breakneck speeds, that it can be difficult to proactively identify threats.
Security intelligence techniques allow security teams to see through the fog and target the threats that matter, so they can respond quickly and efficiently. The faster businesses can find and shut down threats, the more work hackers will have to do to succeed and, with any luck, one day in the future they’ll get tired of trying.