Skills gap analysis should prompt two questions in your mind:
- ‘Are you sure you have the right people with the right skills to prevent hackers from getting to your customer data?’
- ‘Do you have the right people with the right skills to spot a breach quickly – or will you have to wait until an external organisation tells you that you have a problem?’
Not addressing the skills risk can have a massive cost: fines of up to 4% of global revenue, lost revenue from customers leaving you for competitors, and compensation for those whose data has been stolen.
“This means it was either a direct compromise of their… booking site, or compromise of a third party provider,” he told the BBC.
Prof Woodward added that private firms using third party code on their websites and apps must continually vet such products, to ensure weak points in security don’t emerge.
“You can put the strongest lock you like on the front door,” he said, “but if the builders have left a ladder up to a window, where do you think the burglars will go?”
BA woes and GDPR fines…
In July, BA apologised after IT issues caused dozens of flights in and out of Heathrow Airport to be cancelled.
The month before, more than 2,000 BA passengers had their tickets cancelled because the prices were too cheap.
And in May 2017, problems with BA’s IT systems led to thousands of passengers having their plans disrupted, after all flights from Heathrow and Gatwick were cancelled.
“It does not indicate that the information systems are the most robust in the airline industry,” Simon Calder, travel editor at the Independent, told the BBC.
Under GDPR, fines can be up to 4% of annual global revenue. BA’s total revenue in the year to 31 December 2017 was £12.226bn, so that could be a potential maximum of £489m.
If this was indeed how the attack worked, he added, there are ways of preventing third-party code taking data from sensitive web pages.
“BA should have been able to see this,” he told the BBC.
The data breach was identified, according to BA, when “a third party noticed some unusual activity and informed us about it”. The airline informed the police and the Information Commissioner.
Matthew Burrows – President – SkillsTx