Security has – once again – been front and centre of coverage of the unified communications sector this week, as a 15-year-old boy has reportedly been detained in connection with the recent attack on TalkTalk.
The hack of budget telecoms provider TalkTalk’s website – which the company has since confirmed included the theft of some of its subscribers’ credit card details – has called into question the tenure of TalkTalk boss, Dido Harding, who stated at the weekend that there was no legal obligation on her company to encrypt customers’ private data.
While this may be true to the (vague) letter of the 1998 Data Protection Act, which makes no mandatory demands for data encryption, it is certainly not true to the spirit of the IT and communications industry in 2015, and it is for this reason that Harding’s statement reveals a lamentable failure in the company’s duty of care to its customers.
When corporate social network LinkedIn was hacked in 2012, leading to the theft of 6.5 million login details, the platform was rightly slammed for not having encrypted its customers’ sensitive private data. However, when Adobe was hacked a year later, with customer data loss on a comparable scale, account holders’ passwords had been ‘salted’, meaning that the software giant had a window of opportunity to reset those passwords and warn its users.
In light of these and other high-profile attacks on digitally enabled and/or cloud-based businesses, it is simply not good enough for organisations to fail to encrypt customer data, and it is an appalling and inappropriate misstep on Harding’s part to use the Data Protection Act as her defence.
Intriguingly, the story broke as US Federal Government CIO Tony Scott used a Google for Work webcast to say that there is no safer place to store data in 2015 than in the cloud, while IT-disaster-prone bank RBS has clinched a deal with Facebook to allow its 100,000 employees to use Facebook at Work.
If nothing else, these deals emphasise the fact that good security is not just about technology solutions to technology problems, but about policy enforcement, common sense, and good management – something that TalkTalk’s Harding now knows to her cost. Hopefully RBS – and even the US Government – won’t have similar regrets.
Elsewhere, networking equipment behemoth Cisco has announced the acquisition of corporate network security provider Lancope in a $452.5 million cash and equity deal, which absorbs the behaviour analytics and security intelligence provider into the Cisco Security Business Group.
Lancope’s systems trawl networks in real time for unusual activity, and its customers have included Cisco and – ironically – HP, which this week has moved to downsize its own security holdings as part of the rationalisation of its business, which has seen it split into two separate companies.
Cisco VP Robert Salvagno said, “Lancope has been part of Cisco’s security solution for many years through a successful commercial relationship and now we are coming together as one team. We are embedding threat protection capabilities from the enterprise infrastructure to the data centre, from mobile to the cloud, and through to endpoint.”
The deal is expected to close next year.