
More Encryption Required After Hacking

14 August 2015
 

This month's Carphone Warehouse hack highlights the essential need to secure sensitive data and avoid the devastating effects that such losses can have on a company.

 

According to TechWeekEurope, Carphone Warehouse shares fell 2% on the morning the UK’s Information Commissioner’s Office (ICO) began ‘making enquiries’ into how the data breach happened and what could be done about it.

The potential damage to Carphone Warehouse customers is difficult to assess but the company does not deny that the data of 2.4 million people may have been compromised by whoever hacked into the system. Encrypted credit card details of 90,000 people may also have been stolen.

Despite reassurances that the cyber attack was stopped once detected, Carphone Warehouse's reputation has suffered, not least from the apparent fact that its security could have been breached in such a way. As one customer told the BBC: “As a Talkmobile customer, I have just visited the Carphone Warehouse and Talkmobile websites to find out more. Guess what? I could find absolutely no mention of this on either website! It seems like they are trying to sweep this under the carpet. Not good enough.”

 

Comprehensive encryption required

Some specialists believe that the only way to properly secure data is to encrypt the entire database and the elements around it, e.g. redo logs or indexes, and to ensure that the encryption keys are kept separately in a secure repository, well away from the database, its administrators or non-authorised personnel.

“That way, even if the data is hacked, without the key it cannot be read,” explained Colin Tankard, MD, Digital Pathways. “Many companies choose to use tokenisation methods where a column of data (say credit card numbers) is protected but other data remains clear and thus susceptible to hacking.”

This method is often adopted as a simpler way of ensuring PCI compliance because the real credit card data is held outside of the database and so takes the database server out of scope. “But the risk is that other data is left in the clear and in the Carphone Warehouse case, it may be that is the data which included other sensitive information,” stated Mr Tankard. He argued that the best option is to do both so that the data is truly protected. “An excellent strategy is to use a ‘stealth’ product where the data is cloaked and is not seen. Businesses storing sensitive data really do need to employ robust data encryption systems but this is a message we security professionals have been ‘banging on about’ for years – we’re starting to become hoarse.”

Picture: Great damage has been done to Carphone Warehouse’s reputation with the latest hacking and some specialists believe greater encryption must be considered.

Article written by Mike Gannon | Published 14 August 2015
