Comment: Dixons Carphone data breach – Veeam
July 2018 by Mark Adams, Regional VP, UK & Ireland at Veeam
Dixons Carphone has said that the data breach that took place last year
involved 10 million customers, up from its original estimate of 1.2 million.
The comment below is from Mark Adams, Regional VP, UK & Ireland at Veeam.
“Breaches can happen to any business, but the fact it has taken so long for the
seriousness of this particular breach to be realised is worrying. A business
suffering such a breach will really need to take a look at their processes and
systems. To get the scale of a breach so vastly wrong is a concern, especially when
the first number of customers was already one of the most sizeable breaches of a UK
business to date.
“There’s a combination of approaches that can be taken here. Firstly we’d recommend
delivering a company-wide employee training program on data protection and phishing
attacks. Human-led errors are still the biggest weakness for a business. You’ve got
to get that right and make employees more aware of their actions.
“From a technology perspective, adding intelligent data management tools that can
automatically spot irregularities and act accordingly is required. As you hear
experts say time and time again, having security products enabled is no longer
enough. That’s the first line of defence, but when that is breached, what’s your
second-string defence like? For many it’s non-existent. Being prepared for the
absolute worst is the key to a successful response to a data breach. While it’s near
impossible to prevent all data leakage and data theft, it is clear that a strong
incident response process will significantly reduce the pain associated with data
breach issues.
“These days the public care a lot about how their data is handled and by whom, and
they want organisations to be more proactive in managing that data, so the size of
the breach is going to translate into a much higher loss than many will imagine.
Customers will exit contracts and with so much competition for business, this will
be an expensive breach with a long tail of damage for the organisation’s brand and
reputation.”