The massive Target breach hasn’t completely played out, with new developments all the time. It’s not surprising; a breach this huge is massively expensive and the cleanup represents an almost insurmountable challenge. Bloomberg BusinessWeek reported that Target spent $61 million through Feb. 1 on the breach. One of the most mysterious aspects of this particular breach is that Target had installed an excellent security system that detected the breach. Unfortunately, Target did nothing in response.
- The data of 110 million customers was compromised.
- Over 100 lawsuits have been filed.
- Banks have already spent $200 million related to the Target breach, and it’s unclear if there’s an even bigger payout on the horizon.
This was also the year of Heartbleed, a coding bug that was one of the biggest security vulnerabilities ever. Unfortunately, using Heartbleed to steal data would leave no traces, so there are no guarantees that it’s been harmless, and no guarantees that it will remain harmless. Heartbleed initiated a gigantic and costly effort by many companies to secure their systems. Consumers haven’t been as inclined to make an effort. According to MarketWatch, almost half of people surveyed who have heard of Heartbleed haven’t changed any of their passwords.
Data breach goes undetected as security features turned off!
Another major data incident took place mostly in 2013 but wasn’t revealed until February of this year. Neiman Marcus was under attack for eight months, setting off alerts in the network security system 60,000 times. The attackers made their software difficult to detect by giving it a name very similar to the company’s payment software, hoping (successfully) to remain invisible. The ability built into the security system to block suspicious activity was turned off.
Data breaches are becoming more costly all the time, according to a recent study released by the Ponemon Institute. Of the 11 countries that participated in the survey, most saw an increase in both the cost per stolen or lost record and in the average total cost of a breach.
Some interesting findings from the research include:
- For businesses, the news is even worse; fewer and fewer customers remain loyal to a company after a breach. The Target incident was a painful example of this. Its fourth-quarter profits were down by 46 percent compared to the same period in the previous year.
- For many countries, malicious or criminal attacks have taken the top spot as the root cause of the data breaches.
- The research reveals that having business continuity management involved in the remediation of a breach can help reduce the cost.
And there’s no reason to think it’s getting any safer out there. AOL just announced it’s been attacked, with hackers accessing email addresses, contacts, and passwords. University of Pittsburgh Medical Center had 27,000 records compromised, a breach that seems to have resulted in 788 cases of tax fraud. Craft store chain Michaels said 3 million customer accounts had been compromised.
Alongside security solutions, companies require a good policy for interpreting and taking action on security data.
It’s particularly interesting that in at least two cases of recent breaches there were adequate security systems in place but possibly no good policy for interpreting or taking action on security data. Much like Neiman Marcus, Target had a system that could automatically detect and delete malware. So what happened? According to two of the people who audited the system after the breach, it was turned off.
The Ponemon Institute research reported that, when asked about the level of security investment in their organization, respondents on average would like to see it doubled from what they think will be spent. This will be a tough sell in many companies. However, looking at the cost of a data breach can help IT security executives make the case that a strong security posture can result in a financially stronger company.