Former TalkTalk CEO (UK) Warns Firms to Invest in New Tech to Avoid GDPR Breaches

June 15, 2018

 

Dido Harding, the former CEO of TalkTalk, has warned firms to replace all legacy technology systems in order to avoid being hit with huge penalties.

Harding, who was present to discuss the fallout from TalkTalk’s 2015 hack, was speaking at the annual InfoSecurity Europe conference in London last week and said that it is crucial for firms to check their legacy technology as quickly as they possibly can. Drawing parallels with the data breach that her previous firm faced, she said: “We were a company that had grown through many purchases, and a company that we had purchased had purchased a business, that had purchased a business, that had a legacy website that had a very simple SQL injection weakness in a legacy website that had not been used in two of those three purchases.”

This fault in a legacy system resulted in the disastrous breach of TalkTalk’s systems in 2015, in which 157,000 customers’ bank details and personal information were stolen. The Information Commissioner’s Office imposed a data breach penalty of £400,000 on the firm, a record penalty at the time it was issued.

Talking about the fault that impacted customers and the technology that TalkTalk was using, she said: “None of us noticed it. We must have done, however, none of us did. It’s the legacy that gets you. It is purchases and legacy within acquisitions that gets you. And it’s business leaders not actually hearing from their safety specialists that they require to spend money in decommissioning the legacy – whether they attained it or built it themselves. And that is pretty much what occurred to us.”

“The huge majority of boards desire to be able to relinquish accountability by asking their safety specialists ‘are we ok?’” she said, “and you must not let them ask that question.”

“If you are running an oil rig, as the chief exec, you would not go ‘are we physically OK?’. You’d ask a different query; you’d say ‘what are the dangers? What are the dangers I’m happy to accept, and what are the dangers that I am really concerned about that we require to be pushing to alleviate?’”