Ross Brewer, VP and MD EMEA, LogRhythm, said: “The scale and nature of this attack is astounding, with around 380,000 customers knowingly affected. We have heard many times of data breaches involving the theft of personal information which, whilst still very serious, doesn’t often include financial details. This breach involved both personal and financial information being stolen which is causing significant problems, not only for BA and its customers, but also banks which are struggling to manage the number of incoming calls to cancel credit cards.
“The fact that BA did not detect the breach in those 15 days is very worrying. This type of attack highlights why it’s incredibly important that businesses are able to automate threat detection. Organisations like BA, which stores streams of valuable customer data, are prime targets for cyber criminals, who will try everything in the book to get access. We are all much more aware and accepting that they will be successful in bypassing perimeter defences, but what’s not acceptable is them having access to data for such a long period of time undetected. It’s important that businesses learn from this type of attack and ensure they are using tools such as NextGen SIEM and User and Entity Behaviour Analytics (UEBA) which can quickly flag anomalous activity and shut it down from the outset.”
Matt Middleton-Leal, general manager, EMEA at Netwrix, has made the following comments: “While it’s positive to see that British Airways has informed its customers about a breach relatively promptly, it is possible that a larger amount of customers have been affected than stated in the official announcement. With this in mind, as personal and payment data have been compromised, all customers would be wise to change their passwords – this includes any sites where the same details are used – and contact their banks to cancel payment cards. As always in the wake of a data breach, consumers should be wary of an increase in phishing emails, in this case purporting to be from British Airways or banks. Hackers will always look to take advantage of the publicity and heightened customer anxiety following an incident.
“As for the impact on organisations, the loss of customers’ personal and financial data has serious reputational implications, and in the era of GDPR, incidents such as this can lead to vast fines. To minimise security risks, organisations should ensure they monitor user behaviour and ensure they can detect attacks in real-time, enabling them to intervene and terminate a suspicious session before an attack results in data loss or compromise.”
Ben Boswell, VP for Europe at World Wide Technology, comments: “Organisations are now the custodians of an expanding volume of sensitive customer data and must future-proof their security systems to protect customers.
“Companies now need to focus their efforts on early detection, forgoing a chase-from-behind approach to instead proactively monitor and contain attacks. This means taking full advantage of predictive security approaches which employ automation and machine learning to detect unusual activity as it happens.
“It may never be possible to create a completely impenetrable system, so the opportunity for early detection is vital to limit collateral damage.
“And it is more crucial now than ever, as the Information Commissioner’s Office has the power to levy fines under GDPR on firms that don’t report breaches quickly enough.”