With the breaking news that British Airways may have to pay a record fine of £183m after the Information Commissioner’s Office deemed the company had failed to sufficiently protect customers’ data against sophisticated cyber attacks, Richard Cornell, our ISM, tells us why the case highlights the importance of companies gaining the ISO 27001 accreditation for cyber security.
Richard says: British Airways is being punished for the data breach which happened simply because it lost control of its supply chain.
A number of third-party suppliers were supporting BA’s website and one of them was compromised, and nobody spotted it. When people logged onto the site to book flights and entered their card details that information was then sold off. When it was eventually seen they had to go back and they could see when the data breaches occurred and how widely affected the site was.
It highlights the importance of doing everything possible to protect customers’ data to prevent attacks and breaches. The ISO 27001 standard is a UKAS-approved global standard for security and safety. It is recognised internationally as a world-class information security management system. Unfortunately, not enough companies recognise the importance of gaining the accreditation and Altodigital is one of just a handful of dealers in the UK to hold it.
Managing the supply chain correctly is vital to ensure everyone in it is doing everything possible to prevent cyber attacks. If your suppliers have the ISO 27001 they are far more likely to be in control of what they are doing and minimise data breaches.
If there are lessons to be learned from this it is that you can have all of the controls and technology in place within your own organisation, but most breaches occur because something in your supply chain has gone wrong.
It makes it difficult to identify what has happened and when, which makes everything so much harder to work with.
ISO 27001 is a marker to show companies are taking every precaution they can to prevent the malicious and damaging attacks by cyber criminals.