Comment: Dixons Carphone data breach
Following the news that the Dixons Carphone data breach actually affected 10 million customers, rather than the 1.2 million initially estimated, Aaron Higbee, CTO and cofounder at Cofense (previously PhishMe), comments:
"The news that the data breach suffered by Dixons Carphone has now affected 10 million customers, far more than the 1.2 million initially estimated, is no doubt a concern for all those whose data is held within the company and particularly for those with non-EU issued cards not protected by chip and pin. What will be especially interesting in the investigation currently underway by The National Crime Agency however, is what security really looked like for a company that had already been fined for its inadequate security and had recently undergone a merger.
"The IT infrastructure within any company can be complex and with the rise in cloud services, shadow IT is undoubtedly on the increase. This is often worsened when a merger has taken place. In terms of security, a lack of visibility and control over IT is a huge problem; you can’t secure what you don’t know exists, particularly if you rely on plug-in security solutions. "Consequently, security defence needs to evolve and improve as a business grows and threats evolve. The only way to do this effectively is to deploy a business’s most adaptable and intelligent resource - its employees. With a human defence shield identifying suspicious activity, reporting it in a way that is simple, yet gives the security team all it needs to triage against other incidents, cyber intelligence can be generated and fed back into the business to make those first line responders even more effective. By combining real-time time attack intelligence from phishing-aware humans with leading-edge technology, organisations can identify and disrupt active attacks in progress quickly with fewer resources - even if the attack bypassed perimeter controls."