The share price (at time of writing) is down 9% and the BBC report that TalkTalk customers are likely to be ‘vulnerable and panicky’.
An unverified statement via Business Insider suggests ‘Russian Jihadist hackers’ are behind the attack that is said to have revealed the names, addresses, date of birth, email addresses, telephone numbers, credit card information and TalkTalk account information for 4 million UK customers.
Whilst you would have thought the financial information of customers, at the very least, would be encrypted, this leaves 4 million customers open to email or phone based scams.
Can ITAM help with Cyber Security?
I believe ITAM has a role to play in the defence against Cyber security attacks and should be considered part of the info security toolkit alongside traditional staples like intrusion detection and anti-virus/malware detection.
As IT Asset Management professionals, especially those of us with accurate verified inventory, we work with extremely valuable data to help prevent such attacks. For those of you just starting out – the value add to security should be integral to your business plan.
Belarc have Federal Aviation Administration, NASA, U.S. Air Force, U.S. Army, U.S. Marine Corps and U.S. Navy as customers so Sumin is acutely aware of the role of ITAM in highlighting security risks.
Sumin suggested ITAM professionals with leading ITAM practices can help security with the following data:
- Via versions – which applications or operating systems are unpatched (think about IE, Flash, Java, Windows OS)
- Which software is out of date? (Such as ActiveX, OpenSSL)
- What unauthorized machines or storage devices exist?
- What is the encryption status of devices?
- Are all devices covered by anti-virus? Is it being updated?
- Is the integrity of installed software known? i.e. is that copy of Microsoft Excel ACTUALLY Microsoft Excel?
If you know of any other areas where ITAM professionals can help with security please post them below or contact us. Thanks, Martin
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.