Recently payday lender Wonga suffered a monumental data breach with personal details from hundreds of thousands of accounts likely to have been illegally accessed. More than a quarter of a million customers have since been warned that their personal data may have been stolen.
This is yet another substantial attack. This comes on top of the recent hugely damaging attacks on a number of well-known UK brands including Tesco Bank and telecoms provider Three.
The UK’s Information Commissioner’s Office (ICO) in recent times has been getting harsher with companies for security failings, specifically where that allowed a cyber attacker to access customer data.
In the case of Three it has experienced multiple breaches. In late 2016 three men were arrested after they accessed the personal data of thousands of the company’s customers, including names and addresses. The attackers used authorised logins to Three’s database of customers eligible for an upgraded handset and the customer information from more than 133,000 users was compromised in the incident.
Wonga is also likely to feel the wrath of the ICO’s power very soon given the size of the breach that has occurred. These cyberattacks are part of a growing trend of attacks on consumer-facing organisations.
With the growth in size and frequency of attacks it is imperative for businesses to protect themselves, especially with new European laws coming into force in 2017. Companies should feel more inclined to consider security precautions as a priority, but crucially, by giving cybersecurity the attention it deserves and investing in well-managed security controls, damage control won’t be necessary.
Organisations also have a responsibility to invest in well-managed security tools, which have controls designed to prevent, detect, contain and remediate data breaches. Furthermore, organisations should take care to share simple safeguarding techniques amongst employees and make sure that they are educated around the type of attacks to expect, however ultimately, protection systems need to be put in place to keep hackers out.
As employees are an organisation’s greatest tool, the way they contribute to securing the company should also be well-managed. Those tasked with keeping an organisation secure need to ensure staff have the knowledge, tools and ability to keep themselves and the organisation safe from the myriad of threats that are looking to jump over low barriers or get through chinks in the security armour.
Responsibility for keeping the defence against attacks and threats watertight should permeate throughout the whole organisation as any weaknesses in the armour can, and at some point will, be exploited.
Effective cyber defence requires paying attention to the technologies that are available and using them in the way they are supposed to be used. Companies that take this approach will construct effective barriers meaning hackers will go elsewhere and find an easier target to attack.
Coming back to Wonga, customers who are thought to have been affected have received a message from the payday lender telling them: “We believe there may have been illegal and unauthorised access to some of your personal data on your Wonga.com account.”
The message said that Wonga was working to establish the full details but data breached “may have included one or more of the following: name, email address, home address, phone number, the last four digits of your card number (but not the whole number) and/or your bank account number and sort code.”
This is unlikely to provide much comfort to customers affected. As with other consumer brands that have been affected by cybercrime, customer trust and the value of the company itself will both be damaged – most likely very significantly.
The share price of many companies that have been attacked very often haven’t recovered since cyberattacks took place and indeed studies have also shown that company values often remain lower following a cyberattack. As with the telecoms provider Three, Wonga’s customers also have the choice of other providers. Trust therefore is a business necessity and vital to both gain and keep customers.
What is clear is that Wonga will now have to work very hard to repair its reputation. Other organisations – especially those that are consumer facing – will need to take note of the damage of such cyberattacks or data breaches. This is an issue the whole executive boardroom should be concerned about.
Ultimately the only certainty is that attacks will continue to grow in size and sophistication making the need for effective cybersecurity all the more important. The recent breach at Wonga is proof of that.
By Duncan Hughes, Systems Engineering Director, EMEA, A10 Networks