TalkTalk once told GCHQ: Cyberattack? We'd act fast – to get sport streams back up

Silver badge

Fair enough.

What's that old saying? People are two missed meals or one jittery champions league group stage match stream away from revolution.

19
0
Silver badge

Throw bread to the crowds, or else!

With their mouths full they cannot chat about how bloody awful the service is.

4
0
Silver badge

Talk Talk Victim

If I had all the doors and windows wide open in my property whilst I was out and I was then burgled I might feel like a victim but I would not be as far as insurance company (or anyone with half a brain cell) was concerned.

If you are a major ISP then shoddy security that a few script kiddies can break is not being a victim it is being inept (ignoring security as a niggly cost expense). If they had good security and someone used a zero day to breach them, or some very sophisticated social engineering then they could be more like victims.

Sport priority says it all though & reveals exactly why they were hacked so easily.

24
1
Bronze badge
WTF?

"no specific line manager for cyber security as the responsibility cuts across multiple roles in the company."

You are an ISP, you are operating at the front end of a system with known and unknown government and non-government cyber threats, you are the gatekeeper to your customers' data and home systems.

Responsibility for security shouldn't be at the line-manager level, it should be at board-level cutting across all areas of the company. What a set of morons.

35
0
Silver badge

"it was important to add that TalkTalk was still a victim."

No. TalkTalk was a negligent custodian. The victims were the customers whose data was taken.

44
0
Silver badge

TalkTalk was a negligent custodian

Borrowing Doctor Syntax's comment as a subject...

Former boss Dido Harding later told MPs there was no specific line manager for cyber security as the responsibility cuts across multiple roles in the company.

That tells us all we needed to know about the Blessed Dido Harding in the job she was supposed to be doing.

If we didn't know it already, that is.

14
0
Silver badge

Re: TalkTalk was a negligent custodian

Blessed Dido Harding in the job she was supposed to be doing.

She did a brilliant job in preparing her golden parachute. Which, as far as she was concerned, was the one area she wanted to concentrate on.

0
0
Anonymous Coward

Come on, which dipshit at TalkTalk did the survey?

I would like to be the first to point out that if your network goes down you ain't streaming sh*t so therefore your network is your main priority.

Clearly they passed the survey to a sales droid which just goes to show how completely and utterly useless they really are like my superpower which is the ability to read my own mind.

19
0
Silver badge

This is equivalent to a conventional telco saying that in the event of a system outage their priority will be to restore the premium grumble lines, not the 999/911 service. Of course any telco even implying that would have its operating license revoked for breaching the 2003 Communications Act.

9
0
Gold badge
Coat

"event of a system outage their priority will be to restore the premium grumble lines,"

You mean it isn't?

3
0
Silver badge
Thumb Up

Wrong priorities...

The company estimated the attack cost it £42m. Since then it said it has “substantially” increased its investment in cyber security, and has appointed a chief information security officer. not giving a shit about security, customer service, and has managed to be hacked almost quarterly every year since, yet still somehow has customers.

Fixed that for you!

14
0

TalkTalk really do need to sack their PR team.

While they're at it, they probably need to remove 80% of their C level staff too.

2
0
Silver badge

I think blaming the PR team might be a little unfair; their role is to try to make the best of a bad job.

C suite occupants are fair game, though; they created the "bad job" in the first place.

I find myself wondering what the TalkTalk Data Controller has said about the security of customer data; he/she has a statutory responsibility for its protection even if the responsibility doesn't extend as far as ensuring effective cybersecurity.

5
0
Silver badge

"the TalkTalk Data Controller"

Who?

8
0
Anonymous Coward

"the TalkTalk Data Controller"

You have more chance of finding Lord Lucan.

10
0
Anonymous Coward

Re: "the TalkTalk Data Controller"

Well he may have popped back recently to finish a job.

5
0
Anonymous Coward

I had that job once

"Hardest job in the world, that, the old Data Security Officer game... "

Name on the ICO register as the ISO and everything. My fatal mistake was to take the time (my own time, naturally) to read up on the responsibilities I had in law, and then to make reasonable efforts to keep $employer on the straight and narrow. Talk about "How to lose friends and influence people"... when I pointed out that handing customer PII to an offshore (non-DPD compliant) territory was really not allowed, it was pointed out to me that, well, that's interesting, now haven't you got some flashing lights to go stare at? And they carried on regardless. They were probably right, really, the odds of getting caught were zero, and the odds of getting any serious bother if something bad happened at it blew up were low enough when amortised across the five centuries they reckoned it'd take for the bad thing to happen were also so low as to make anything more than token lipservice and auditor-friendly box-ticking the order of the day.

6
0
Silver badge

Re: I had that job once

Upvote for the Fast Show reference.

0
0
Gold badge
Coat

Yeah but, Y'know Tamworth, well known hotbed of UK cyber crims, like Kieve

I saw it on Fox News or something, so it must be true.

That said it might be the most honest response GCHQ had on such a survey (barring the ones they found when they deep dived the ISP's internal emails of course).

2
0

Did we award our Directors lots of Money?

So... What the fuck is your problem?

4
0
Silver badge

Re: Did we award our Directors lots of Money?

Did we award our Directors lots of Money?

So... What the fuck is your problem?

The Directors probably awarded themselves lots of Money?

3
0
Anonymous Coward

"We do not recognise these comments" != we didn't say that

3
0
Silver badge

"We do not recognise these comments" != we didn't say that

Indeed. More akin to Her Ladyship no longer being "at home" to her former acquaintance who was caught diddling the 2nd Footman..

0
0
Anonymous Coward

Let me save you the trouble...

Why bother asking them for a response - Here's the standard corporate PR blurb for these matters:

=======

[InsertCompanyName] takes its customers' security seriously and takes all reasonable precautions to ensure the safety of customer data and internal audit has been initiated to establish the severity of any data breach. We cannot comment further until this investigation is completed / the press have lost interest.

=======

On a different note, it occurs to me that any organization publicly advertising for a CIO in charge of cyber security may well be inviting themselves to be hacked. - It's a bit like telling the guy at PCWorld you know nothing about computers and showing him a wallet full of £50 notes.

1
0
Bronze badge

Where have I read this before...?

Somehow, something tells me it was in a Douglas Adams story.

Seems to fit, alright.

Did that ark contain security overseers with PPE degrees?

0
0
Silver badge
Mushroom

Is this PR

"We do not recognise these comments. Our biggest security priority has always been protecting our customers"

I wonder what their actual biggest or highest priority is, because I assume it's making money. At this point I will give TalkTalk a plus star (1 out of 10) for saying biggest security priority and not lying by saying it was their biggest priority.

1
0
Silver badge

Re: Is this PR

Our biggest security priority has always been protecting our customers..

...ability to put money into our bank accounts.

All that other networky-techie type stuff is just too difficult. Apparently just having a load of blinkenlights isn't enough any more.

0
0
Bronze badge

42 Million??

If this attack only cost them 42 million, then they haven't done a good enough job of ensuring this doesn't happen again.

It costs a lot more than 42m for a company like this to investigate the entire network, hire more InfoSec professionals, ensure the systems are clean, purchase more InfoSec equipment, create policies, audit policies, update legacy systems, hire more employees to tackle customer relations and damage control, not to mention loss of subscriptions, etc.

Total cost should be around 200-400 million, not 42.

Either we aren't being told the truth, or they're still too ignorant about information security.

0
0
Silver badge

Re: 42 Million??

Either we aren't being told the truth, or they're still too ignorant about information security.

Place bets now!

(And they really are missing a trick - think of all those lovely tax-writedowns they are missing!)

0
0


The Register - Independent news and views for the tech community. Part of Situation Publishing