Why did the British Airways Data Theft Happen?

//Why did the British Airways Data Theft Happen?

Why did the British Airways Data Theft Happen?

British Airways, or as us self-respecting Northerners call it – “Heathrow Airways” has suffered a large data theft.  This has come in a string of IT Debacles that have occurred over the last 18 months.

In July, there were IT issues causing some flights in and out of Heathrow to be cancelled.   The month before, they cancelled 2000 tickets because they’d undercharged.  More worryingly, in 2017 the airline had a serious data centre power fault causing all flights to be suspended.

There’s no question that our capital’s flag carrier (see what I did there) is a hefty target for enterprising cyber criminals.  British Airways will be under constant attack and their IT systems really should be built from the ground up with security and resilience in mind.

British Airway’s recent Data Theft is likely to add further to the picture of under-investment and cost reduction in the business that has been developing in the wake of the previous issues.  Simon Calder, the Travel Editor at the Independent told the BBC that “It does not indicate that the information systems are the most robust in the airline industry.”

Certainly there had been multiple accounts of cost reduction and hiring back of experienced, skilled IT professionals as contractors.  From my perspective, it would seem as if Cyber Security, as well as more fundamental IT Infrastructure is being run on a tight budget.

Whilst I’m a grumpy Northerner who isn’t really served by British Airways offering, I have a friend who actually booked this week and is travelling over the weekend.  Certainly as soon as I heard I pinged him a message and he tells me he’s had a notification via email from British Airways to contact his credit card company.  Clearly, extra worry for any BA customer.

For IT, I have the biggest concern – I wrote a blog a little while ago about the trend of Business Executives Blaming the IT function.  Mr Pester at TSB has gone this week, I’m sure there’s another blog in that as my thought’s have changed slightly.

British Airways, much like TSB, has a parent company – in this case IAG – and who knows what pressures the wider group is placing on the airline for cost reduction.  Certainly, there’s been no really press coverage of data leaks in Aer Lingus and Iberia.  However, I’m certain there will be at some point that the IT guys will be pegged for this data breach and there is probably a much wider story with regards to whether they’re receiving appropriate funding.

Ultimately they have a historic IT system that will have been added-to many times over, people will have come and gone, skills lost, portions outsourced and the risk of budget reduction not appropriately weight with the reputational damage continued events like this will cause.

For me, investment in IT, Cyber Security, and Digital Transformation is something that is more comparable to insurance than how it’s currently viewed by CEO’s and CFO’s.  The sad fact of the matter there’s not enough CEO’s and CFO’s who really have IT understanding to fully comprehend the risks they’re subjecting their business to – viewing IT as an inconvenient on-cost and essentially a ‘black hole.’

 

  • Share on Tumblr
By |2018-09-07T15:02:02+00:00September 7th, 2018|Cyber Security|0 Comments

About the Author:

Chris is our lead Consultant in all things Cyber Security, Digital Transformation and Systems Architecture. He is a trusted advisor to many high growth businesses. Chris holds the CISSP certification in cyber/information security, an Executive MBA from Manchester Business School, MSc in Technology and Innovation Policy and a BSc in Computer Science. He produced some of the UK’s first research into Shared Services of large business and has an keen interest in bringing big business technology into the reach of mid-market companies. He has worked in various technical and business management roles, as a company director and non-executive director. He has a dislike for bureaucracy and inefficient processes (and people!). Much of the technology he implements is designed to improve processes, responsiveness to customers and management information. The views and comments in this blog however are his own and do not necessarily reflect those of Unleashed IT, its suppliers, customers or affiliates. He wishes to remind people he's from Cumbria and has the sense of humour to go with it. Sorry.