The situation with Target Corporation has captured the attention of many Americans and shows just how vulnerable large chains like Target can be to data theft. Nuspire specializes in protecting large enterprise distributed network locations such as retail branches, banks, medical offices and auto dealers. For this reason, Fox2News Detroit called us and came out to our headquarters to get our input on the Target breach on December 27th. This can be seen here:
Although, because a story on an evening newscast can only provide a brief synopsis of the subject, there were some things that didn’t make it on the air which I’d like to discuss here.
It's hard to tell at this phase what Target may have done wrong. Information comes out very slowly, if at all, for a myriad of different reasons, but at the very least, if it wasn't an intrusion prevention type situation, then it was the detection scenario where maybe not enough analytics were going on in the background to look at the traffic and what was happening on a day to day basis. Timing was also a factor since the hackers chose Black Friday, a day when all the IT focus was on the functionality and making sure resources were available in the stores and less on those analytics on the backend to determine if something nefarious was going on.
There was a time when large companies could rely on their IT departments to keep them safe from hackers and external threats, but the threat landscape has quickly changed in recent years. Things have changed dramatically over the last 4-5 years in the network security space, especially for distributed networks like Target. There's a unique set of challenges and it's gone from a situation where many companies did this internally, to where it's almost required that an external force can be brought in that has the expertise, depth and range so that people who are working on these issues aren't multitasking doing other things inside the IT organization of a large company, but instead they're focused on security and doing the analytics that's required to detect those issues, follow up on them and put the remediation processes in place to act on them when something does happen. We're right in the middle of this shift in security to outsourcing. Some companies have come and some aren't there yet, but this shift has basically become a requisite now to having a threat posture that is effective.
While consumers may feel like they’re at the mercy of the hackers in this modern threat landscape, they can actually be the catalyst for change with the power of the business they bring and where they chose to spend their money. People need to understand how important they are when they shop. You're making a statement with your dollars when you decide to shop at store A or B. When breaches like this happen and consumers don't respond by voting with their dollars or caring where their data is stored and how safe it is, then there's not the accountability there to affect change.
