Comment: Dixons Carphone data breach – Veeam
July 2018 by Mark Adams, Regional VP, UK & Ireland at Veeam
In response to Dixons Carphone saying that the data breach that took place last year involved 10 million customers, up from its original estimate of 1.2 million, the comment below is from Mark Adams, Regional VP, UK & Ireland at Veeam.
“Breaches can happen to any business, but the fact it has taken so long for the seriousness of this particular breach to be realised is worrying. A business suffering such a breach will really need to take a look at their processes and systems. To get the scale of a breach so vastly wrong is a concern, especially when the first number of customers was already one of the most sizeable breaches of a UK business to date.
“There’s a combination of approaches that can be taken here. Firstly we’d recommend delivering a company-wide employee training program on data protection and phishing attacks. Human-led errors are still the biggest weakness for a business. You’ve got to get that right and make employees more aware of their actions.
“From a technology perspective, adding intelligent data management tools that can automatically spot irregularities and act accordingly is required. As you hear experts say time and time again, having security products enabled is no longer enough. That’s the first line of defence, but when that is breached, what’s your second-string defence like? For many it’s non-existent. Being prepared for the absolute worst is the key to a successful response to a data breach. While it’s near impossible to prevent all data leakage and data theft, it is clear that a strong incident response process will significantly reduce the pain associated with data breach issues.
“These days the public care a lot about how their data is handled and by whom, and they want organisations to be more proactive in managing that data, so the size of the breach is going to translate into a much higher loss than many will imagine. Customers will exit contracts and with so much competition for business, this will be an expensive breach with a long tail of damage for the organisation’s brand and reputation.”