Hundreds of British Gas customers have been warned after customer e-mail addresses and account passwords appeared online. Around 2,200 warning letters have been sent to customers informing them of the incident – but the firm has insisted its systems are secure and no payment details were revealed. The company says it is “confident” the data leak had not come from within the company and said it was “someone external” who had possibly targeted customers with phishing attacks. Security experts from QA and Centrify have the following comments on it.
Tom Kemp, CEO at Centrify:
“The British Gas breach illustrates that passwords are the “keys to the kingdom,” and that when stolen, will likely lead to compromised credentials, which are the leading point of attack used in data breaches. With more and more breaches happening every single year, enterprises need to implement multi-factor authentication (MFA) wherever possible. This means that if a password is compromised, it does not mean the cyber criminal has access to sensitive information. However, for MFA to be effective, IT needs to make it user friendly by taking advantage of fingerprint/biometrics, proximity of wearables and push notifications to mobile phones. While the elimination of passwords is the smartest way to minimise the threat of attack, implementing these factors will help ensure that a stolen password will not lead to compromised credentials.”
Richard Beck, Head of Cyber Security at QA:
“Data breaches are stealing the headlines this week with British Gas the latest business to reveal it has been the victim of a cyber attack. In this case the method used was a phishing attack. Falling foul to phishing e-mails or online scams is easily done if users don’t know what to look out for. In many cases it’s as simple as knowing not to click on a URL sent via an email before checking it’s genuine – and that’s easy to do. The key here is education. Educating can help detect, deter and defend against the cyber threats that every business faces today. By understanding what tools cyber criminals have in their armoury, businesses can be better prepared to deal with the continual cyber threats levied against them.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.