The Culture, Media and Sport inquiry into the TalkTalk hack has made a number of recommendations to companies to minimise and respond to data breaches including; fining companies should they fail to guard against cyber-attacks, linking CEOs’ pay to effective cyber security as well as jailing those who trade in stolen personal data for up to two years. Carl Leonard, Principal Security Analyst at Forcepoint, has provided the following comment on the recommendations.
Carl Leonard, Principal Security Analyst at Forcepoint:
“The select committee recommendations today serve as another reminder of the need to improve monitoring and protection of corporate data. The reality is that identifying data breaches is difficult and companies do not know they are losing data or where the source of the breach is coming from. Whether it is accidental or malicious data loss, with heavier fines likely to be inflicted on companies that suffer data breaches when the General Data Protection Regulation comes into force, there has never been a more pressing time for businesses to get their security controls in order.
Knowledge is ultimately key when it comes to implementing security measures and businesses have to realise that no-one is safe from getting hacked. Companies must be proactive in their approach to securing their data starting now, which includes taking stock of lessons learned from data breaches of other and taking the necessary measures to better educate their IT departments and employees. Having an established data breach plan in place will help businesses be familiar with the necessary detect, response and recovery phases needed to ensure they limit the effect of an attack.”