Bloomberg Businessweek had a headline this morning: “Missed Alarms and 40 Million Stolen Credit Cards Numbers: How Target Blew It.”
Their story investigated the Target hack, where up to 70 million people had their credit card numbers stolen from the retailer’s servers. One of the nuggets the article uncovered: The company had the latest, greatest software to protect them from hackers — but when the software set off an alarm, Target ignored it.
It sounds sort of crazy, right? The burglar alarm goes off and they hit snooze?
Anthony Di Bello of cybersecurity firm Guidance Software says it’s more complicated than that. He says computer networks at large retailers and financial organizations are constantly getting hit with malware.
“There’s an indication that this isn’t just a small number — a 100 or 200 — this is 10,000-20,000 attempts against a network every day,” he says.
And an alarm goes off every time.
Sometimes it’s clear that the hack is serious. But there are a lot of false alarms. For example, when a company installs new cybersecurity software, it can take months of fine tuning to make sure it works well with others, says Cameron Camp, a cybersecurity researcher at ESET.
The malware detection tool that first sounded the alarm was installed by Target six months before the hack, according to Bloomberg. Camp says the bigger problem is that when companies aren’t sure how serious an alarm is, they aren’t structured to make decisions quickly.
“You have silos: Over here is the C-suite, and over here’s the IT guys, and once a week you have a meeting,” Camp says.
He says most companies don’t have a Chief Information Security Officer in the C-suite and there isn’t a direct chain of command when urgent cybersecurity issues come up. That’s because, traditionally, the IT department was thought of as a “glorified garage” or “where the mechanics kept the engines running.”
Of course technology’s role in business has changed dramatically. But the corporate structure hasn’t caught up. Camp expects that articles like Bloomberg’s Businessweek will help bring that change about.
“Security is a business imperative now because it costs you a lot of money when it’s done wrong for whatever reason,” he says.
We’re here to help you navigate this changed world and economy.
Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.
In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.
Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.