The British Airways hack has affected 380,000 payment cards – a huge breach of personal data. What lessons can we learn from this latest high-profile cyber-attack?

On the morning of Thursday 6th September, British Airways published a tweet stating that they were investigating the theft of customer data. Between 10:58pm on Tuesday 21st August and 9:45pm on Wednesday 5th September, cybercriminals stole the personal and financial details – including 380,000 payment cards – of customers booking flights through the British Airways website and mobile app.

The British Airways hack is one of the most serious data thefts to affect a UK company in recent years. We won’t know the full impact of the hack for some time, but the financial, operational, and reputational damage suffered by British Airways is likely to be significant.

What lessons can we learn from the British Airways hack, and how can we avoid a similar attack damaging our organisations?

British Airways Hack: What Lessons Can We Learn?

British Airways is a large, multi-national airline with a significant profile throughout the world. Its website deals with a huge number of transactions each day, making it a prime target for cybercriminals. But despite its scale and visibility, the lessons we can learn from the British Airways hack apply to all organisations, regardless of scale or industry vertical.

Lesson One: Prevention is Better than Cure

Today’s cyber-attacks are sophisticated, carefully planned, ruthlessly executed, and – as the British Airways hack proves – often highly successful. Traditional security measures such as endpoint antivirus, email security, and perimeter firewalls are no longer enough to protect your organisation.

True cyber resilience requires a combination of people, processes, and systems. If you want to minimise the risks your business faces, you need to make prioritised, actionable cyber security decisions that adapt to both changing technology and the evolving threat landscape.

Lesson Two: Attack Vectors are Changing

Although we don’t know the specific weaknesses that cybercriminals exploited in order to execute the British Airways hack, we do know that transactions carried out on the mobile app were compromised. As organisations introduce new ways to interact with people, the attack vectors available to cybercriminals evolve.

Whether it’s a mobile app that can process orders and payments, an Amazon Echo that allows you to order groceries using your voice, or a smart watch that tracks your location and health indicators, the data that is processed by the Internet of Things needs to be secured in a robust and appropriate manner.

Lesson Three: Develop a Cyber Security Playbook

Cyber-attacks are a threat to all organisations. If you develop a cyber security playbook, you’ll be in a significantly stronger position to minimise the financial, operational, and reputational damage that a successful cyber-attack can cause.

As British Airways have found, communication is key. The media have reported frustrated customers who were sent a blank email by British Airways, or who found out that their data had been breached on the news before British Airways had reached out to them. A cyber security playbook provides all members of your organisation with a clear understanding of their cyber security roles and responsibilities before, during, and after a security incident.

Evolve to Protect Your Organisation from Cyber-Attack

Your organisation needs to evolve its cyber security posture in order to mitigate the risk of suffering a damaging cyber-attack. At Six Degrees, we have developed a family of managed service offerings that cover the full scope of today’s technology requirements, all with a process and change management wrap that allows you to focus on your organisation’s key deliverables.

Our acquisition of cyber security services and consultancy CNS Group allows us to deliver converged security and managed services, a unique proposition that gives your organisation and your customers reassurance that your IT systems remain secure, agile, and effective in driving digital transformation.

CNS Group offer Aegis – a cyber security maturity benchmarking tool that employs a pragmatic, risk-based approach to help your organisation make better decisions around protecting your data. Aegis forms the basis of your cyber security action plan. Upon completion of an initial audit, CNS Group will implement a schedule of penetration tests that will identify and enable you to remediate any vulnerabilities. These continuous penetration tests are complemented by 24x7x365 monitoring, managed from a dedicated security operations centre that delivers rapid incident response.

If you are looking to benchmark your organisation’s cyber security preparedness, or you are seeking support in adapting to the evolving threat landscape, download CNS Group’s whitepaper on Bridging the Gap Between IT and the Board. We’ll help you understand how your organisation can achieve full cyber security.