What makes a good airline? That answer could be different for all of us, but trust has to be close to the top of the list. We want to trust that the airline will get us to our destination, safely. We want to trust that it will be on time. We also want to trust that it will keep our personal information safe from cyber attackers.
So, in light of being breached, how should EasyJet restore that trust? Customers may have come to accept that it’s nearly impossible to prevent being breached by a nation-state actor or highly organised cyber-crime gang. What’s important is the speed and effectiveness of the response and recovery plan. So EasyJet’s response, on the face of it, seems reasonable: we were attacked by highly sophisticated attackers; we have closed off the route that they took; we continually update our defences.
The key to restoring trust, then, is the effectiveness of the response effort. EasyJet has promised to contact the 2000 customers whose card details were accessed, so as to allow them to protect themselves. EasyJet customers will want to trust that this response is giving them all the information they need, and assurance that a repeat event can be effectively prevented, or, at least, controlled.
Assuming it’s true that 9 million customers have had their details accessed, but only 2 thousand have had credit card details stolen, this suggests some control issues. It seems unlikely that attackers would “only” steal the credit card details of 2000 customers; so were there different levels of credit card protection and encryption across the estate? Or was malware stealing card details as they were entered, and it took a while to notice? Neither of these explanations will enhance the trust of a customer who is now worrying about their data.
If you would like to discuss how to reduce the risk of a cyber breach in your organisation, then why not get in touch on +44 203 603 4733 or email us at info@three-two-four.com.