TalkTalk CEO Dido Harding: extent of the damage still unknown
A view from Andy Pemberton

TalkTalk boss Dido Harding’s utter ignorance is a lesson to us all

On a series of news programmes late last week, Dido Harding resembled the proverbial rabbit caught in the headlights, determined to stare down the pantechnicon...

As the beleaguered – and highly paid – exec toured radio shows and TV studios, it was obvious she had paid more attention to her crisis management team than she did to the chief information officer who left TalkTalk this summer; or the other senior IT staff who have quit the company this year; or the security consultant who in September warned the company about its feeble cyber-security.

For a while she bravely faced the music, holding up her hands to admit that, yes, all TalkTalk’s customers – 4.2m of them – may have had their personal and financial details swiped. She also had to admit that, no, she had no idea precisely how many of those were really at risk.

Last Thursday it was 4m people. Over the weekend experts put the number at 400,000.

And as well as being uncertain about the technical nature of the attack, Harding also confessed that she did not know how much of the stolen data was encrypted (a safeguard against theft). 

How could Baroness Harding be so clueless?

Ofcom data shows that between 2009 and 2014, under Harding’s reign, TalkTalk’s retail market share shrank by nine percentage points.

As a result, TalkTalk have had to make cuts. Harding has promised to take £140m out of the cost base by 2017.

Given the need to trim costs, was data security not a priority for TalkTalk? Harding says no. "With the benefit of hindsight, were we doing enough? Well, you’ve got to say that we weren’t," she told The Independent.

So Harding did not agree with Robert Plant, associate professor of computer information systems at the University of Miami School of Business Administration, when he said "data security is the number one critical need for corporations today"?

And she must have doubted risk analyst Don Ulsch when he stated "the ROI on security is the value of your company".

Nor did she take note when Sony’s customer database of 77m customers was exposed in 2011, leading to a repair cost of $171m and a tarnished brand that has still not recovered.

Would Harding still be in her job if she were as baffled by the financial workings of her organisation?

I suppose it’s not too surprising many workers inside big organisations don’t understand the quickly-evolving digital processes their companies use. The fact is, digital talent is being absorbed faster than education systems can currently produce it.

Time to re-educate staff

So here’s my suggestion: it’s time for a re-education programme in digital skills, before worse breaches occur.

Staff can learn basics such as big data 101 or go deep and study cryptanalysis, the science of gaining access to the contents of encrypted messages.

First stop for Harding and her co-workers could be a look at the Social Engineer Toolkit, a cyber version of the Anarchist Cookbook, which openly provides tools and techniques for launching attacks and engaging in other malevolent behavior.

So far, it’s been downloaded over 2m times.