The massive Target breach hasn’t completely played out; new developments keep emerging. That’s not surprising: a breach this large is enormously expensive, and the cleanup represents an almost insurmountable challenge. Bloomberg BusinessWeek reported that Target spent $61 million through Feb. 1 on the breach. One of the most mysterious aspects of this particular breach is that Target had installed an excellent security system that detected the breach. Unfortunately, Target did nothing in response.
This was also the year of Heartbleed, a coding bug that was one of the biggest security vulnerabilities ever. Unfortunately, using Heartbleed to steal data would leave no traces, so there are no guarantees that it’s been harmless, and no guarantees that it will remain harmless. Heartbleed initiated a gigantic and costly effort by many companies to secure their systems. Consumers haven’t been as inclined to make an effort. According to MarketWatch, almost half of people surveyed who have heard of Heartbleed haven’t changed any of their passwords.
Another major data incident took place mostly in 2013 but wasn’t revealed until February of this year. Neiman Marcus was under attack for eight months, setting off alerts in the network security system 60,000 times. The attackers made their software difficult to detect by giving it a name very similar to the company’s payment software, hoping (successfully) to remain invisible. The ability built into the security system to block suspicious activity was turned off.
Data breaches are becoming more costly all the time, according to a recent study released by the Ponemon Institute. Of the 11 countries that participated in the survey, most saw an increase in both the cost per stolen or lost record and the average total cost of a breach.
Some interesting findings from the research include:
And there’s no reason to think it’s getting any safer out there. AOL just announced it’s been attacked, with hackers accessing email addresses, contacts, and passwords. University of Pittsburgh Medical Center had 27,000 records compromised, a breach that seems to have resulted in 788 cases of tax fraud. Craft store chain Michaels said 3 million customer accounts had been compromised.
It’s particularly interesting that in at least two cases of recent breaches there were adequate security systems in place but possibly no good policy for interpreting or taking action on security data. Much like Neiman Marcus, Target had a system that could automatically detect and delete malware. So what happened? According to two of the people who audited the system after the breach, it was turned off.
When asked about the level of security investment in their organization, respondents to the Ponemon Institute research said that, on average, they would like to see it doubled from what they think will be spent. This will be a tough sell in many companies. However, looking at the cost of a data breach can help IT security executives make the case that a strong security posture can result in a financially stronger company.