Now here's an interesting question. What if the ONLY provider suffers a data breach, meaning if customers wish to walk out, they'll end up going without? Would customers be THAT willing to walk out then?
Clients say they'll take their money and run if service hacked – poll
Further evidence has emerged that hacked firms might subsequently suffer a customer exodus. After TalkTalk's famous data breach, 101,000 of its customers walked. Almost half (48 per cent) of the 1,000 Brits questioned by Onepoll claimed they would cancel accounts if a provider of theirs suffered a data breach. In addition, a …
COMMENTS
-
Thursday 1st December 2016 16:47 GMT Charles 9
ISPs are a utility. Utilities are a natural monopoly because of the high upfront infrastructure costs (in this case, laying down the data lines). That's why utility incumbents are so hard to unseat without either significant help (which is unlikely to be forthcoming here) or deep pockets (who in this case tend to be the incumbents, so that's out).
-
Thursday 1st December 2016 11:23 GMT Version 1.0
Gut reaction
That's an understandable reaction - but the breached provider now has a thorough understanding of the issue and should be able to prevent further breaches in future (I know I'm being optimistic here), whereas switching to a new provider means that you're jumping to a provider who's not been breached and most likely will be in the future.
The cynic in me points out that Yahoo was secure for years, until suddenly it turned out that it wasn't and hadn't been.
Frying Pan or Fire? Let me think about it ...
-
Thursday 1st December 2016 11:27 GMT Doctor Syntax
Re: Gut reaction
"the breached provider now has a thorough understanding of the issue and should be able to prevent further breaches in future"
Unfortunately the list of "respectable businesses" in the article includes at least two serial breachees.
I think there are at least 3 categories here:
Those that never learn
Those that learn from their own mistakes
Those that learn from the mistakes of others
-
Thursday 1st December 2016 14:03 GMT Mephistro
Re: Gut reaction
"switching to a new provider means that you're jumping to a provider who's not been breached and most likely will be in the future."
The problem with that approach is that if everybody follows it and remains with the breached providers, there will be absolutely zero reasons for providers to improve their security. "See? No consequences. And it's cheaper! Moar bonuses!!!"
-
Thursday 1st December 2016 11:49 GMT Tom Paine
100,000 out of 4.3 million customers? 2%? Yeah, that's really going to have Dido tossing and turning at night...
The sad truth is that, apart from BEC attacks which can cost firms real amounts of actual proper folding cash money, even the most spectacular security fails rarely lead to any objective damage to the firm. Did Sony go bust? Did Saudi Aramco? Yahoo? Tesco? RSA? JPMorgan? Lockheed Martin?
Nothing's going to change things at the majority of organisations where security's a tickbox exercise at best until firms go bust and directors go to jail. And I've been waiting for that to happen for a decade or more.
God, it's depressing working in infosec... I'll cheer myself up with a quick icon or four.
-
Thursday 1st December 2016 16:50 GMT Charles 9
"Nothing's going to change things at the majority of organisations where security's a tickbox exercise at best until firms go bust and directors go to jail. And I've been waiting for that to happen for a decade or more."
Which won't happen because many of those firms are transnational and can play sovereignty against countries. It's an extortion game: "You wouldn't want us pulling up stakes, would you?" Same with the corporate structure. It's designed to deflect responsibility, and with their transnational nature, they can make sure the laws never get to the people up top.
Transnational companies have more power than most sovereign nations in that regard. Unlike the countries, they can jump ship.
-
Thursday 1st December 2016 23:22 GMT Doctor Syntax
"Transnational companies have more power than most sovereign nations in that regard. Unlike the countries, they can jump ship."
It's not always that easy to jump ship. If they want to trade on any substantial scale in a particular country they'll have to consider having some footprint even if it's only a local sales office. These days regulators are starting to think in terms of fines based on global turnover so the days of being able to shrug off responsibilities might be coming to an end.
-
Friday 2nd December 2016 05:58 GMT Charles 9
"It's not always that easy to jump ship. If they want to trade on any substantial scale in a particular country they'll have to consider having some footprint even if it's only a local sales office. These days regulators are starting to think in terms of fines based on global turnover so the days of being able to shrug off responsibilities might be coming to an end."
Expect that to change as the transnationals start to push BACK. The obvious answer to trying to nail mother companies is to further separate subsidiaries on paper. Meanwhile, they'll continue to pressure legislatures while those legislatures are becoming more permissive to businesses (look at the changing stances concerning privacy).
-
Thursday 1st December 2016 19:27 GMT Mark 85
Re: No they won't
The bigger problem is getting the word out. Most users/punters/customers only get their news from MSM or maybe Facebook. Chances are, they will never know their ISP/provider has been hacked. Most just dump email from the ISP/provider to the spam bucket. If the users/punters/customers don't know, they're none the wiser.
The other problem that has been pointed out is that at least here in the States, choices are rather <ahem> limited for most of us. Bigger cities, probably not but rural, smaller cities.. definitely.
-
Thursday 1st December 2016 23:15 GMT Doctor Syntax
Re: No they won't
"Because once you are using a service, it costs time, effort and money to change."
The thing which is most difficult to change is email. You can gain independence from an ISP by using a non-ISP supplier instead of relying on the ISP's email. In the long run it's easier to have a private domain. The domain hoster of the moment can also host the email service but, as it's your own domain, you can switch to another service provider and keep the domain. Sadly it's not a solution for everyone.
-
Thursday 1st December 2016 18:05 GMT Anonymous Coward
Quite - TalkTalk lost hardly any customers as a proportion of their customer base, despite it being very easy to switch broadband suppliers.
The gung-ho talk about class action lawsuits also illustrates how little you can rely on survey responses, since the scope of these in the UK is very, very limited and wouldn't apply to this kind of incident. Do they think lawyers are just showing restraint in not having brought any actions to date?
-
Thursday 1st December 2016 15:48 GMT Stuart Grout
Walked from one, stayed with another.
When TalkTalk got hacked the service and price I was getting from them was nothing special so I switched to another provider for similar costs but in the hope of better service/security. I've now got into the habit of comparing and swapping landline ISP at the end of each introductory deal.
When 3 got hacked I did a comparison and the 3 product was better than any of the alternatives so I stayed. If I could have found a similar deal elsewhere then the hack would have been enough to go through the hassle of switching.
From my perspective a provider being hacked is a serious factor when considering switching, but it is only one of the factors.
-
Thursday 1st December 2016 17:48 GMT Anonymous Coward
Re: Walked from one, stayed with another.
I on the other hand moved to TalkTalk as they were investing in security and crucially their introductory deal was astoundingly good. I had been with PlusNet since 2002 but they were charging me hugely for my loyalty. I'm now 6 months into the 18 month TalkTalk contract so in 1 year I will be looking for someone new who has discovered they need to beef up security, and gives a very good introductory offer on FTTP.
-
Thursday 1st December 2016 16:27 GMT nematoad
Alternatively.
Why bother to try and breach all these firms' security when the government will have all of your details? Just breach them and hit the jackpot. Then where are you going to turn?
And if you believe all the BS about how well all your personal data will be protected then you might be interested in a bridge I have for sale.
-
Thursday 1st December 2016 16:52 GMT Charles 9
Re: Alternatively.
"Why bother to try and breach all these firms' security when the government will have all of your details? Just breach them and hit the jackpot. Then where are you going to turn?"
IOW, just assume your cover is blown and instead stock up on the canned food and petrol. At least Americans also have easy access to shotguns.
-