Information Commissioner warns firms that three year olds could hack sites

Sky News is reporting that the Information Commissioner has warned that hacking into company websites has become so simple that even a three-year-old can be shown how to do it.

Web site hacking warning from Information Commissioner | Securious.001

The Information Commissioner, Christopher Graham, has told MPs that  “how to do it” guides available online give such simple instructions on how to stage a cyberattack that “The threat from three-year-old children should not be taken lightly.” Mr Graham was responding to questions from members of the Commons Culture, Media and Sport Committee in the wake of the recent TalkTalk breach.

…Mr Graham urged businesses continually to review the cyber security arrangements they have for storing customers’ personal details amid an ever-evolving threat from hackers.

He told MPs: “You can get on the internet lots of ‘how to do it’ videos including one… which shows a cyber expert showing his three-year-old child how to break into a company website.

“Companies ought to be as canny as the clever people out there who are probably breaking the Computer Misuse Act and a few other bits of legislation..”.

Simon Rice, ICO group manager, told the hearing: “You can go onto YouTube, you can go into your favourite online search engine and type in ‘how do I do an SQL injection attack?’ [a type of cyber attack] and you will get a range of tutorials, both paper documents and videos, to demonstrate how to do it.”

“There are a lot of automated tools, that essentially a three-year-old can press the button.”…

“Any other company with half a brain should be checking their systems now to make sure that they don’t land up in the same situation,” he said.

More from Sky News at Three-Year-Olds Could Hack Sites, Firms Warned

 

> Start now!
Need Cyber Essentials Certification in a hurry?

Cybersecurity: Review of keynote speakers at Secure South West 6 - Plymouth University
Cyber security - former Defence Secretary criticises companies 'in denial' of cyber threats