AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


We Need to TalkTalk About Security Policy Management

Last month (October 2015) TalkTalk, one of the UK's biggest telecom providers, became the latest large company to fall victim to a major cyber-attack. Around 157,000 of its customers had their personal details accessed, and for over 15,600 of them the stolen data included bank account numbers and sort codes. Although the damage was less than initially feared, it was nevertheless a potentially damaging episode for a company that had already suffered two breaches, in December 2014 and February of this year. TalkTalk's former parent company, Carphone Warehouse, was itself the victim of a breach in August.

No definitive explanation of the attack has been established yet, but it is thought that the attackers launched a DDoS attack as a distraction and, while the company's attention was on keeping the site up, stole the data from the website using SQL injection.

Given how routinely attackers now use DDoS, it is worth revisiting the steps organisations can take to mitigate the threat of a DDoS attack and minimise the damage it causes:

  • Identify – You need to be able to recognise the signs of a DDoS attack early. Normally the first sign is a sharp spike in traffic to your website, followed by a severe degradation in performance. If you have a baseline of your usual traffic volume, source mix and response times, you will be far better placed to judge whether the disruption is an attack or something else, such as a technical fault, maintenance work or a legitimate surge in demand.
  • Get help – It is difficult to fight a DDoS attack alone. One partner that can help is your ISP or hosting provider, since the traffic has to cross their network before it reaches yours. They can sometimes block the offending source addresses before they ever reach you. As a last resort they can ‘null route’ your address space, which drops all traffic to it, including legitimate traffic, and so takes the site offline to protect the rest of the network. To get the website back up, they may instead divert traffic through a scrubbing facility where malicious packets are filtered out and clean traffic is forwarded on.
  • Be vigilant – DDoS attacks are often used as a smokescreen for other types of cyber-attack, as is suspected in the TalkTalk case, so check that the rest of your security defences (web application logging, intrusion detection, database monitoring) are still working and still being watched while the attack is under way. If you process credit card transactions or handle financial information, look out for suspicious transactions or unusual volumes of traffic from locations where you do not do business (some anti-DDoS services can block traffic or transactions from selected geographies).
  • Be prepared – Once a DDoS attack starts there is little you can do on your own to stop it. What you can do is factor DDoS into your organisation's disaster recovery and incident response plans, defining who is responsible for responding, which provider to call, and what the procedures are. This lets you respond quickly and protect customers instead of improvising under pressure.
  • Segment your network – In the event of a breach, segmentation prevents a single point of failure from becoming a total compromise. Segmentation is like the watertight compartments on a ship: if one section is flooded the ship stays afloat, and the same principle applies to a network. By categorising and isolating applications and segmenting the network accordingly, with firewall policy permitting only the flows each segment genuinely needs, you stop attackers who gain a foothold (for example through a web server) from moving freely across the entire network to the systems that hold customer data.
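The "Identify" and "Be vigilant" steps above come down to two questions that can be answered from the web server's own access logs: is the request rate far above its baseline, and is anything suspicious hiding inside that spike? The following is an added example written for this post, not code from the original article or from TalkTalk; the log lines, IP addresses and paths are constructed here for illustration, and the SQL-injection signatures are a deliberately small set rather than anything a real WAF would rely on.

```python
"""Added example (not from the original post): flag a request-rate spike
against a baseline in web-server access logs, then look for SQL-injection
style requests buried inside the spike window. All log data is constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from statistics import median
from urllib.parse import unquote_plus

# Apache/nginx "combined" log format: ip ident user [time] "req" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Crude SQLi signatures applied to the URL-decoded path; a WAF uses far more.
SQLI_RE = re.compile(
    r"""['"]\s*(?:or|and)\s+[\w'"]+\s*=|union\s+select|sleep\s*\(|information_schema""",
    re.IGNORECASE)


def make_log_line(ts, ip, path, status=200):
    """Build one combined-format access-log line (constructed test data)."""
    return (f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')


def build_sample_log():
    """Nine minutes of traffic: a quiet baseline, an HTTP flood from many
    sources in the last two minutes, and three injection attempts, one of
    which happens before the flood (constructed data)."""
    start = datetime(2015, 10, 21, 10, 0, tzinfo=timezone.utc)
    benign = ["/", "/account", "/search?q=for+sale"]
    lines = []
    for minute in range(9):
        t = start + timedelta(minutes=minute)
        for i, path in enumerate(benign):        # steady legitimate traffic
            lines.append(make_log_line(t + timedelta(seconds=i), f"10.0.0.{i + 1}", path))
        if minute >= 7:                          # flood from 40 distinct sources
            for i in range(40):
                lines.append(make_log_line(t + timedelta(seconds=i), f"203.0.113.{i + 1}", "/"))
    lines.append(make_log_line(start + timedelta(minutes=2, seconds=30), "192.0.2.9",
                               "/search?q=1+UNION+SELECT+username,password+FROM+users"))
    lines.append(make_log_line(start + timedelta(minutes=8, seconds=45), "198.51.100.7",
                               "/login?user=admin%27+OR+%271%27%3D%271&pw=x"))
    lines.append(make_log_line(start + timedelta(minutes=8, seconds=50), "198.51.100.7",
                               "/search?q=1+UNION+SELECT+username,password+FROM+users"))
    return lines


def parse(lines):
    """Parse log lines into dicts keyed by field; non-matching lines are skipped."""
    records = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["time"] = datetime.strptime(rec["ts"], TS_FMT)
        rec["minute"] = rec["time"].strftime("%Y-%m-%d %H:%M")
        records.append(rec)
    return records


def requests_per_minute(records):
    return Counter(r["minute"] for r in records)


def spike_minutes(per_minute, factor=5.0):
    """Minutes whose request count exceeds `factor` times the median minute.
    The median is robust to a short spike; in production the baseline should
    come from historical traffic for the same hour and weekday instead."""
    baseline = median(per_minute.values())
    return sorted(m for m, n in per_minute.items() if n > factor * baseline)


def injection_attempts(records):
    """(minute, ip, path) for every request whose decoded path looks like SQLi."""
    return [(r["minute"], r["ip"], r["path"]) for r in records
            if SQLI_RE.search(unquote_plus(r["path"]))]


def analyse(lines, factor=5.0):
    """Full report: spike minutes, distinct sources per spike minute, and which
    injection attempts landed while the flood was providing cover."""
    records = parse(lines)
    spikes = spike_minutes(requests_per_minute(records), factor)
    sources = defaultdict(set)
    for r in records:
        sources[r["minute"]].add(r["ip"])
    attempts = injection_attempts(records)
    return {
        "spike_minutes": spikes,
        "spike_sources": {m: len(sources[m]) for m in spikes},
        "injection_attempts": attempts,
        "attempts_during_spike": [a for a in attempts if a[0] in spikes],
    }


if __name__ == "__main__":
    report = analyse(build_sample_log())
    for minute in report["spike_minutes"]:
        print(f"spike at {minute}: {report['spike_sources'][minute]} distinct source IPs")
    for minute, ip, path in report["attempts_during_spike"]:
        print(f"  injection attempt under cover of the spike from {ip}: {path}")
```

Two caveats worth keeping in mind when adapting this. Access logs only show the application-layer traffic that actually reached the server, so a volumetric flood that saturates the uplink is seen at the ISP or scrubbing provider, not here; this check is for the "is something odd hiding in the noise" question, not for measuring the flood itself. And the spike threshold is a multiple of the median minute, which is fine for a short incident window but should be replaced by a baseline learned from comparable historical periods, otherwise a legitimate campaign launch looks exactly like an attack.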

As security threats evolve, organisations need to ensure that their security systems keep up. What is needed is a proactive approach to cyber-security: regularly testing network defences to confirm that data is protected and that security policies are actually enforced as written, together with a rehearsed plan for how to react when a breach does occur, so that the damage can be contained.
