Is Your Critical Business Information Safe?

Recent news indicates that two large payment processors have become the victims of electronic compromise.

In a press release, RBS WorldPay stated: “Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed.”

Heartland, in a statement to the public, indicated that it had contacted more than 150,000 merchant locations with information on the breach. Further statements by Heartland’s CEO indicate: “A piece of malicious software planted on the company’s payment processing network recorded payment card data as it was being sent for processing to Heartland.” He further stated that the company does not know how long the malicious software was in place, how it got there, or how many accounts may have been compromised.

Certainly the consequences for both organizations will be severe, between the costs of clean-up, legal challenges, and brand impact. According to reports by the Boston Globe, the cost of the TJX data breach, which involved 45M credit cards, was $256 million. Final costs in the TJX breach are estimated to top $500 million and possibly approach $1 billion, according to Forrester Research analyst Khalid Kark. What organization can reasonably withstand such losses? What are the costs when proprietary data that corporations invest billions into creating is compromised? Most compromises never make the news, since few are required by law to be reported.

The FBI lists its number 1 priority as “Protect the US from terrorist attack”, its 2nd priority as “Protect the US against foreign intelligence operations and espionage”, and its 3rd priority as “Protect the US against cyber-based attacks and high-technology crimes”. How is it that these issues are not top concerns of the business leaders who head corporations that produce sensitive information and systems, or that manage sensitive information and infrastructures? Such entities are subject to data-poisoning attempts by terrorists, and are targeted by foreign intelligence services for intellectual property and by organized crime groups for financial gain.

Corporate CEOs and business leaders need to wake up and face the reality of cyber crime, its sophisticated perpetrators, and its potential business consequences and national security impact. Most leaders that I speak to are in denial, believing that the issue is somehow purely technological and is covered by their unfortunate Chief Information Security Officer or some other technology professional.

Clearly this is a business issue, and it is the responsibility of the executive team and its directors. Many of the necessary protections exist outside of the technology group’s purview, and technology solutions implemented to monitor for breaches are, on their own, largely ineffective.

I know from experience, having investigated a variety of data breaches, that most organizations which suffer a compromise remain unaware of it until Federal authorities notify them that they have been breached. Many times what led to the compromise had little to do with technology and much more to do with people and process, or the lack thereof.

So what can be done? First, business leaders must engage and see the problem for what it is. The criminal mind and crime have been around since the beginning of time; only the avenues of exploitation and the targets change. Executives must be vigilant, which begins with assessing the value of their assets and the threats that exist, directing the appropriate measures to mitigate the risks, and monitoring activity.

There is a significant return on investment in establishing comprehensive security; just ask those who have paid the ultimate price, having suffered theft of intellectual property or a mass-scale compromise. That is, if they are still in business.
