• Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
  • Events
  • Whitepapers
  • Spotlights
  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
  • Newsletters
  • Sign in
  •  
      • Newsletters
      • Account details
      • Contact support
      • Sign out
     
     
    • You are currently accessing Computing via your Enterprise account.

      If you already have an account please use the link below to sign in.

      If you have any problems with your access or would like to request an individual access account please contact our customer service team.

      Phone: +44 (0) 1858 438800

      Email: customerservices@incisivemedia.com

      • Sign in
     
  • Follow us
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • YouTube
  • Register
  • Events
    • Upcoming events
      event logo
      Is it time you switched to Database-as-a-Service?

      In this webinar learn how to leverage the advantages of in-VPC deployment, multi-cluster management, hybrid cloud replication, and more, all while delivering operational transparency and low TCO.

      • Date: 13 Apr 2021
      • Computing UK, London
      event logo
      How to overcome your Active Directory consolidation challenges

      In this web seminar we explore how best to go about assessing and modernising your AD as we reveal our research findings into AD health and readiness, consolidation challenges, and strategies for success.

      • Date: 20 Apr 2021
      event logo
      DeskFlix: DevOps

      Join us for this season of Deskflix: DevOps to hear from industry experts, leading partners, and your peers on all of the above. Available live or on-demand you’ll learn about best practice, the most common challenges, and gain valuable lessons on how to approach your 2021 DevOps journey.

      • Date: 21 Apr 2021
      event logo
      Desklix: Digital Workplace

      The Coronavirus pandemic has had a huge impact on our lives with most organisations making a sudden switch to mass remote working. As restrictions are progressively eased, the impact continues, with organisations having to decide when to allow staff back into offices, what proportion of remote working should be expected, and how all of this should be supported.Take part in this virtual event to put your questions to the experts, and see what your peers have learnt from the pandemic, and how they plan to apply this understanding to 2021 and beyond.

      • Date: 12 May 2021
      View all events
  • Whitepapers
    • LATEST WHITEPAPERS
      Darktrace 120x194
      Cyber AI Response: Threat Report 2019

      This white paper details 7 case studies of attacks that were intercepted and neutralised by Darktrace cyber defense AI, including a zero-day trojan in a manufacturing company's network. Learn how Darktrace Antigena AI Response modules fight back autonomously, no matter where a threat may emerge, extending to the Cloud, Email and SaaS.

      Download
      Darktrace 120x194
      Cyber AI & Darktrace Cloud

      This white paper explores how cloud is a security blind spot for many organisations who struggle with the limited visibility and control in this new environment, where their existing security tools are often not applicable.

      Download
      Find whitepapers
      Search by title or subject area
      View all whitepapers
  • Spotlights
    • Spotlights

      Welcome to Computing's Spotlight section, where we focus in on particularly important themes and topics of enterprise IT.

      Intel logo

       

      Endpoint Management and Security Hub

  • IT Leaders 250
  • Research
  • Delta
  • Tech Marketing Hub
  • About Us
Computing
Computing
  • Home
  • News
  • Big Data & Analytics
  • DevOps
  • Security
  • GDPR
  • AI & ML
  • Women in Tech
  • Cloud & Infrastructure
  • CIO
  • Deskflix
 
    • Newsletters
    • Account details
    • Contact support
    • Sign out
 
 
  • You are currently accessing Computing via your Enterprise account.

    If you already have an account please use the link below to sign in.

    If you have any problems with your access or would like to request an individual access account please contact our customer service team.

    Phone: +44 (0) 1858 438800

    Email: customerservices@incisivemedia.com

    • Sign in
 
  • Security

I was responsible for security at the time of the hack, says TalkTalk CEO Dido Harding

Harding tells parliament committee that she was accountable because cyber security is a board issue

  • Sooraj Shah
  • Sooraj Shah
  • @Sooraj_Shah
  • 15 December 2015
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
0 Comments

TalkTalk CEO Dido Harding told a parliament committee today that she was responsible for security when the telecoms firm was hacked in October.

Harding was quizzed by Jesse Norman, chair of the committee, as well as several other committee members, on the hack, in which 156,656 TalkTalk customers had their personal details accessed.

Harding said that she was accountable and responsible for security in the company "before the attack and now".

But Norman suggested that this can't be the case as Harding is running the whole firm, which prompted Harding to state that cyber security was a board issue, and therefore she did have responsibility for it.

Harding added: "I do have an executive director who works on the board who has a security team that works for him."

The TalkTalk CEO went on to claim that security in a telecoms company means more than just a direct security team.

"Security touches everyone in the company which is why I should be directly responsible for it," she said.

The executive director that Harding was referring to is Charles Bligh, who previously worked at IBM for 22 years before joining TalkTalk in 2011. But Harding was eager not to place blame on Bligh - or indeed any other line manager - for the failures at TalkTalk. She said that the responsibility for keeping customer data safe was split among a number of teams.

She said that the accountability for security audits and best practice sits with the security team, but implementations of systems and processes and how those comply with security policies sit with the technology team. Other security issues such as passwords are handled by an operations team.

"So it is impossible to say the director of security is responsible," said Harding, before agreeing that if the firm was to find a specific area at fault, then perhaps a line manager could be found responsible - albeit not for this hack.

"It is possible that none of them are to blame if it is a criminal attack - that's why it is a board-level issue rather than an individual-level issue," she said.

When Norman asked Harding who on TalkTalk's board is considered technically knowledgeable on cyber security, she claimed that the firm is lucky that it has a number of non-executive directors with cyber security knowledge, namely
James Powell, who is currently global CTO of Nielsen, and was formerly CTO of Thomson Reuters.

When later probed on whether Powell, and consultancy PwC which was carrying out a thorough investigation into the hack, could be trusted with information about the incident, Harding said that she had no concerns about this whatsoever.

She added that when it came to cyber security, her non-executive directors would admit that "none of us know enough yet".

"Any CEO that says they know enough about this subject means they haven't thought about it enough yet," she said.

Last month, Computing asked several CIOs who they thought would be to blame in the event of a data breach at their companies. Some suggested it would be their responsibility, while others said the CFO, and ultimately the CEO could be to blame.

Many of Harding's conclusions chime with the findings of Computing's recent research which can be found here.

 

Further reading

TalkTalk hack: 18-year old boy in Wales the fifth to be arrested
  • Legislation and Regulation
  • 25 November 2015
TalkTalk claims that hack will only cost £35m
  • Security
  • 11 November 2015
TalkTalk hack: 156,959 customers confirmed to have had details accessed
  • Hacking
  • 06 November 2015
  • Tweet  
  • Facebook  
  • LinkedIn  
  • Send to  
  • Topics
  • Security
  • Telecoms
  • TalkTalk
  • PWC
  • data breach
  • Hack
  • Dido Harding
  • Parliament
  • Thomson Reuters

More on Security

You can camp in your garden
Thank Zuck it's Friday #9 - Home Office 'super database', the software reseller claiming £270m from Microsoft and social media data breaches

This week on the IT news podcast the team discusses the Home Office's 'super database' on race, health and biometrics, the British software reseller bringing at £170m claim against Microsoft and the recent data breaches involving both Facebook and LinkedIn....

  • Security
  • 09 April 2021
Booking.com fined €475,000 for late reporting of data breach under GDPR
Booking.com fined €475,000 for late reporting of data breach

Travel firm delayed reporting the breach by 22 days, exceeding the 72-hour limit

  • Security
  • 01 April 2021
Ransomware attack alert! The tell-tale signals to look for
Ransomware attack alert! The tell-tale signals to look for

Patterns of unusual behaviour are the clearest signal of an attack, not programmes or files

  • Security
  • 01 April 2021
Petlog accused of mishandling details of customers and pets
Petlog accused of mishandling details of customers and pets

A database migration appears to have caused a data breach, with pet owners able to see other people's details and potentially register their pets as their own

  • Security
  • 29 March 2021
We discuss VR, have you tried it?
Thank Zuck it's Friday #8 - Military spending, chip fire and paid search

This week on the IT news podcast the team discusses the new military spending review, the implications of a fire at a chip manufacturing plant, and the concept of privacy-friendly paid-for internet search.

  • Security
  • 26 March 2021
blog comments powered by Disqus
Back to Top

Most read

Nearly 500 million LinkedIn users' details posted for sale online
Nearly 500 million LinkedIn users' details posted for sale online
Home Office is creating a 'super database' on people's race, health and biometrics, report
Home Office is creating a 'super database' on people's race, health and biometrics, report
IR35: MPs urge government to protect contract workers from the malpractices of umbrella companies
IR35: MPs urge government to protect contract workers from the malpractices of umbrella companies
Is it time you switched to Database-as-a-Service? Join us on 13th April to find out
Is it time you switched to Database-as-a-Service? Join us on 13th April to find out
British software reseller files £270 million antitrust court action against Microsoft
British software reseller files £270 million antitrust court action against Microsoft
  • Contact
  • Delta
  • Marketing solutions
  • Enterprise IT Events
  • Incisive Media
  • Terms & conditions
  • Policies
  • Careers
  • Privacy Settings
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • YouTube

im_logo

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017
Loading