Another day, another hack: fall out of the TalkTalk breach

Another day, another hack: fall out of the TalkTalk breach

Another day, another hack: fall out of the TalkTalk breachPaul German, VP EMEA, Certes Networks

Yet another breach has hit the hacking headlines, but are we surprised? Too many high-profile breaches have been under speculation so far this year, and businesses are still failing to put proper security measures in place to not only make the system more difficult to hack, but to limit the scope if a breach does occur.

Although the details of the TalkTalk breach are still unknown, one thing is for certain: TalkTalk must not have had a software-defined security strategy in place, focusing on users and applications rather than the network itself. How do we know this? If TalkTalk had cryptographically segmented its security system into predefined and clearly understood fragments, the breach would have been more manageable, instead of system wide.

The TalkTalk breach shows that assuming internal networks are safe and trusted is no longer acceptable. Hackers have turned trusted networks into playgrounds, moving laterally from system to system and liberally exfiltrating data. By compromising one user, even a contractor, hackers get past the firewall and enjoy access to essentially anything. When a no-trust security model is in place, it means that no network is trusted, inside or outside the perimeter, no user is fully trusted and equally, no device is trusted.

TalkTalk needs to take note: the most secure enterprises have adopted crypto-segmentation; meaning that they encrypt all sensitive application flows inside and outside the perimeter. To achieve this requires eliminating siloes and establishing a centralised method of creating and managing policies, and keying for end-to-end protection across all applications and networks. Building on the identity and access control technologies widely deployed, a cryptographic relationship creates a clean and unbreakable link between each user and the permitted data and applications, meaning that if a breach does occur, the hacker is limited with the information and data that it is able to exploit.

Crypto-segmentation combined with role-based access means authorised users can access applications encrypted from server to user. If a user is compromised, hackers can access only that user’s applications. Lateral movement to more sensitive applications is blocked, and the breach is therefore contained. This could have stopped the TalkTalk hackers in their tracks.

Architectures need to quickly adapt to the new world of user and application mobility by ensuring that network segmentation and application isolation can be applied across all environments, irrespective of network level control. User access control policies must be applied and enforced in real-time, across all users and applications both inside and outside the traditional firewalled perimeter.

The time for the industry to recognise that a fresh approach is needed is now. We must question how many more high-profile breaches like the one TalkTalk is currently dealing with are needed before clear and concise action is taken by the businesses most at risk.

[su_button url=”http://certesnetworks.com/” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]For more on Certes Networks click here[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

New McAfee research reveals 61% of IT professionals have experienced a serious data breach

McAfee research reveals that 61% of IT professionals are struggling to protect their company against data breach.
Candace Worley

New McAfee research reveals 61% of IT professionals have experienced a serious data breach

Integration of Security Solutions and Employee Training Recognized as Top Steps to Reduce Growing Severity of Breaches
CISOs

All I want for Christmas: A CISO’s wishlist

As Christmas fast approaches, CISOs and cyber security experts are putting plans in place for 2019 and what could have been done differently this year.

All I want for Christmas: A CISO's wishlist

As Christmas fast approaches, CISOs and cyber security experts are putting plans in place for 2019 and what could have been done differently this year.

500 million guests affected by Marriott data breach

Marriott International has confirmed a data breach to the Starwood guest reservation database which has seen the details of up to 500 million guests stolen.

The human factor: why behaviour is the weak link in cybersecurity

The news of serious data breaches is becoming an almost daily occurrence, to the point that many companies view it as an inevitability.

Why communication is key when responding to data breaches

Many businesses set about increasing preventative measures and cyber security defences, creating an incident response plan can often be left off the list.
Scroll to Top