Securing business data

Blog Item

British Airways Suffers Huge Data Breach at Hands of Organised Cyber Criminals

by Giulia Foss | Sep 10, 2018

shutterstock_349900709As many of us woke up last Friday, we would have been made aware of the latest breach to affect the UK.

British Airways, one of the country’s institutions has admitted to suffering a serious cyber attack.The British Airway’s website was infiltrated by hackers, who are believed to have accessed around 380,000 people’s personal and financial details. The news comes after a long line of breaches of large companies including Equifax, HBO and Dixons Carphone.

As of yet, we do not know the full impact of this attack, but the reality British Airways is now facing is a difficult one. When we've seen attacks like this in the past, the consequences have been dire, from huge amounts wiped from company shares, through to long lasting or  irreversible reputational damage. The impact of breaches like this are often far reaching and fundamentally unpredictable.

But what could British Airways have done to avoid this kind of incident, what should they do now and how can they prevent further breaches?

Bracing your organisation

If you ask an information security professional if cyber attackers are smarter than they are – the answer is no. But if you ask the question about if they can they move faster – the answer is absolutely yes. When an organisation needs to improve its security posture with a new technology, the evaluation, procurement, implementation and testing process adds considerable time before the business is able to action change. Meanwhile, an attacker can quickly use any new attack vectors increasingly cheaply.

Speed to value is one of the reasons why an increasing number of UK organisations of all sizes are exploring Managed Security Services (MSS). MSS are a sure way to increase the time to value of any cyber investment. And although larger organisations such as British Airways may have the resources to  fund dedicated cyber security elements, without a pure focus in this area, resources often become rapidly outdated in a quickly evolving threat environment.

By employing external Managed Security Services from the right supplier, organisations struggling can access new capabilities such as proactive and protective monitoring, security incident management and capable threat detection. Employing these cutting-edge skills can help to combat threats and achieve commercial or government compliance levels, offering contextual cyber intelligence. 

Cyber intelligence

Like air traffic control, being entirely aware of what’s out there so you can avoid any potential dangers is crucial! Organisations need a complete and constant overview of their digital environment.

The ability to get ahead of attackers and respond in real-time to incidents is a capability that many organisations do not have the infrastructure, skills or resources to provide today. Selecting and making sense of the right external threat feeds, aggregating and correlating security event log data, putting this data in context for your business and recommending the right actions, not only requires a specific skill set but to be effective it also needs a brutal 24/7/365 focus. This comes In the form of Manged Security Services (MSS)

To avoid the cyber threats that exist, it is important that organisations seek a Managed Services partner that will work as part of their team to minimise risk, maintain availability and drive efficiency across their IT infrastructure. It’s key that the MSS providers they partner with invest in building knowledge and have relevant accreditations, so that they have access to these skills without having to worry about how they find, maintain or retain them.

We don’t know exactly what British Airways infrastructure entails, but the reality is if you don’t have a dedicated Cyber Security Operations Centre (CSOC) with the right skillset, chinks in your armour can quickly and easily be exploited and the implications can be disastrous.

What to do in the case of an emergency - Cyber Incident Response (CSIR)

For British Airways, or any company that finds themselves in the aftermath of such an attack it’s time to look at emergency procedures.

Our first port of call for companies that have suffered a breach is our Cyber Incident Response service, which provides a dedicated Cyber Rescue Line and for many of our clients peace of mind is sought by knowing that they can call on experts when they need to, any time. Having direct access to experienced Cyber Security consultants could be the difference between surviving an attack or suffering. This  becomes especially important when an organisation has to report a breach within a time limit.

The CNS Six Degrees CSIR Service is an incident response process, fulfils the requirements of multiple standards. Something that is vitally important in light of GDPR legislation which compels company’s to report a breaches within 72 hours. 

How can your organisation become fully Cyber secure?

As a leading provider of cyber security services, we work across the board protecting organisations from the threats that exist within the cyber landscape. Our dedicated Security Operations Centre located in a secret UK onshore location provides 24/7/365 threat detection and protection to some of the UK’s most valuable assets, from banks to government facilities.  As a part of Six Degrees we are able to provide not only scale, but holistic solutions for organisations that are going through the process of digital transformation and striving to implement a robust cyber security frameworks.

Sign up to CNS’ Cyber Security Incident Response Line service now and improve your security confidence with 24/7 monitoring and expert support.

We are currently offering this service at a discounted rate for any company signing  up by October 31st 2018

Please CONTACT US and we will be in touch shortly.

 

call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere