Since originally reported last month, the number of people potentially affected by the security breach at Target has grown by nearly 200%, making it one of the largest attacks in the retail industry. And at the same time that Target is claiming to have everything under control, we are learning that another major U.S. retailer has also been the victim of a cyber attack.
These revelations have left most people wondering: how on earth could this have happened? It’s not as if Target – and Nieman Marcus for that matter - did not have security in place to protect against these types of incidents. As the third largest retailer in the U.S., Target surely has the resources to take security very seriously. The sobering reality, however, is that if breaches like this can happen to these organizations, they can happen to anyone.
According to the 2013 Data Breach Investigation Report by Verizon, top three causes of these types of attacks include:
- Malware (41%): any malicious software, script, or code added to an asset that alters its state or function without permission.
- Hacking (53%): all attempts to intentionally access or harm information assets without (or in excess of) authorization by circumventing or thwarting logical security mechanisms.
- Social (29%): stealing information through phishing, bribery extortion and other means.
The report also notes that it is common for attackers to use a combination these, or other, techniques. So, where Target has indicated that the attacks were a result of malware on their point-of-sales (POS) terminals, it’s possible that hacking was used to install the malware.
Regardless of what is eventually uncovered, the attacks have not only resulted in Target lowering its fourth quarter earnings estimates but also in harming existing relationships with their customers.
As we previously noted, because IT security decisions, or lack of decisions, can impact a company’s brand, sales or, if publicly traded, stock performance, the responsibility of protecting a company’s IT infrastructure should never fall entirely on a company’s IT staff. “The consequences of a security breach ripple well beyond the IT department,” said Kurt Bager, CEO, Netop. “To protect a company’s customers, staff, investors and reputation, senior management must be actively engaged in discussions related to security.”
For nearly 30 years, Netop Remote Control has helped retailers, financial institutions and healthcare companies gain access to remote technology assets while mitigating security risks against authorized personnel. To learn more or sign up for a free trial, visit our website.