British Airways Hack: Understanding the Implications
On the morning of Thursday 6th September 2018, British Airways published a tweet stating that they were investigating the theft of customer data. Between 10:58pm on Tuesday 21st August and 9:45pm on Wednesday 5th September, cybercriminals stole the personal and financial details – including an estimated 380,000 payment cards – of customers booking flights through the British Airways website and mobile app.
The British Airways hack is one of the most serious data thefts to affect a UK company in recent years. It has now been reported that the details of around 500,000 customers were stolen, and the ICO has announced its intention to issue a £183 million fine to British Airways, 1.5% of the company’s global turnover. Although not the maximum possible fine (under GDPR legislation companies can be charged up to 4% of their turnover), this could be the biggest penalty the ICO has ever handed out and the first to be made public under new GDPR rules.
Over and above this potential hefty fine, the wider financial, operational and reputational damage suffered by British Airways is likely to be significant. What lessons can we learn from the British Airways hack, and how can you avoid a similar attack damaging your organisation?
British Airways is a large, multi-national airline with a significant profile throughout the world. Its website deals with a huge number of transactions each day, making it a prime target for cybercriminals. But despite its scale and visibility, the lessons we can learn from the British Airways hack apply to all organisations, regardless of scale or industry vertical.
Today’s cyber-attacks are sophisticated, carefully planned, ruthlessly executed, and – as the British Airways hack proves – often highly successful. Traditional security measures such as endpoint antivirus, email security and perimeter firewalls are no longer enough to protect your organisation.
True cyber resilience requires a combination of people, processes and systems. If you want to minimise the risks your business faces, you need to make prioritised, actionable cybersecurity decisions that adapt to both changing technology and the evolving threat landscape.
Although we don’t know the specific weaknesses that cybercriminals exploited in order to execute the British Airways hack, we do know that transactions carried out on the mobile app were compromised. As organisations introduce new ways to interact with people, the attack vectors available to cybercriminals evolve.
Whether it’s a mobile app that can process orders and payments, an Amazon Echo that allows you to order groceries using your voice, or a smart watch that tracks your location and health indicators, the data that is processed by the Internet of Things needs to be secured in a robust and appropriate manner.
Cyber-attacks are a threat to all organisations. If you develop a cybersecurity playbook, you’ll be in a significantly stronger position to minimise the financial, operational and reputational damage that a successful cyber-attack can cause.
As British Airways has found, communication is key. The media have reported frustrated customers who were sent a blank email by British Airways, or who found out that their data had been breached on the news before British Airways had reached out to them. A cybersecurity playbook provides all members of your organisation with a clear understanding of their cybersecurity roles and responsibilities before, during and after a security incident.
Your organisation needs to evolve its cybersecurity posture in order to mitigate the risk of suffering a damaging cyber-attack. At Six Degrees, we have developed a family of managed service offerings that cover the full scope of today’s technology requirements, all with a process and change management wrap that allows you to focus on your organisation’s key deliverables.
Our acquisition of cybersecurity services and consultancy CNS Group allows us to deliver converged security and managed services; a unique proposition that gives your organisation and your customers reassurance that your IT systems remain secure, agile and effective in driving digital transformation.
CNS Group offers Aegis – a cybersecurity maturity benchmarking tool that employs a pragmatic, risk-based approach to help your organisation make better decisions around protecting your data. Aegis forms the basis of your cybersecurity action plan. Upon completion of an initial audit, CNS Group will implement a schedule of penetration tests that will identify and enable you to remediate any vulnerabilities. These continuous penetration tests are complemented by 24x7x365 monitoring, managed from a dedicated security operations centre that delivers rapid incident response.
If you are looking to benchmark your organisation’s cybersecurity preparedness, join our webinar on 17th July and discover your Cyber Security Maturity Score with our web-based scorecard developed using decades of cybersecurity expertise. If you are seeking support in adapting to the evolving threat landscape, our experts will also share some best practice approaches to help you mitigate the risk of a cybersecurity breach.