Skurio comment on IT operator Sita’s breach affecting airlines
March 2021 by Jeremy Hendy CEO Skurio
Following the news that IT operator Sita have reported a breach to their systems affecting numerous airlines they serve, Skurio CEO Jeremy Hendy comments the following:
“Details of frequent fliers are a treasure trove for cybercriminals and this breach acts as a stark reminder of the third party risks that all organisations face. Breaches often happen through a security failure at a supply chain partner, sometimes three or four levels removed from an organisation. It is impossible to defend a thousand different perimeters spread across all the third parties, each with their own network of connections. That’s why it’s important to secure the data, not just the network.
No matter how good your own network security, someone else may leak your data and bad actors are ready to exploit this. Businesses need to adopt a data centric approach to security which includes improving security training and awareness for staff, especially when using third party applications outside the jurisdiction of IT.
Organisations that hold customer data must enforce security standards with their own suppliers, require ISO certification and set mandatory requirements for data processing. Fail to do so and there will be difficult questions for the business to answer, while having significant impact on reputation and customer trust in their brand. There is also the potential for user details to be used in follow-on phishing attacks by personating many types of businesses. The customers of these airlines, who are the true victims of this attack, should be prepared for these”.