Everyone heard about the great Target credit-card hack of 2013.
It was a nightmare scenario — a massive security breach came to light as Black Friday and the holiday shopping season began. A lack of comprehensive security testing resulted in a situation that caused damage to Target's reputation, with subsequent reparations totaling $148 million to date, according to the New York Times. The long-term effects related to loss of consumer confidence remain to be seen.
What many people didn't hear about was how hackers entered Target's network. It wasn't quite like when 20th-century diamond dealers first learned thieves could enter through climate-control ducts, but these hackers did sneak into Target's network via one region's HVAC provider. And that kind of break-in should be just as nerve-racking for modern businesses.
Cyberattacks seem to come from new places every day. No longer do hackers have to kick down the proverbial front door. Whether it's Cross-Site Scripting or entering through a tangential third party, hackers have become increasingly creative and frighteningly effective. These newsworthy horror stories are living proof that comprehensive security solutions are no longer optional.
Still don't believe me?
Home Depot recently admitted to a massive security breach that meant hackers were reading credit-card numbers from stores' scanners starting in April 2014 or earlier. In the ensuing fallout, various parties have admitted that card numbers were not encrypted in the processing system and hackers likely had been accessing data from over 2,000 Home Depot stores for at least a year. With so many card numbers accessed, it's little surprise that the culprits were able to guess a sufficient number of three-digit security codes to sell card information on the black market.
No matter how large or small your company is, it's always possible to avoid disastrous debacles. But you have to start by acknowledging the complexity of network security, as teams and applications can number in the hundreds and thousands. And, as we've come to understand, cybersecurity is increasingly an all-or-nothing proposition. Critical applications seem obvious, but it's the hidden background processes that typically allow hackers a way in undetected.
Once you admit how daunting it sounds, it's time to find a security solution that makes it easy. Fear not — they do exist, and with the increasing ingenuity of cybercriminals, the only security that works at all is the security that tests, tracks and protects every application and third-party app in your network. Failing to be comprehensive is like investing a million bucks in a new alarm system and forgetting to put bars over the AC vents.
Without up-to-date defenses and comprehensive security testing that involves all third-party applications, companies are vulnerable to staggering attacks. In this changing cybersecurity landscape, Target and the Home Depot were the unfortunate test cases in evolving attack and defense methods. It is becoming increasingly clear that security must be comprehensive and proactive, while enterprises are still learning that implementing first-rate defenses is easier than it sounds.
Between the retailers, customers and credit-card companies caught in the crossfire, the losses are staggering. It is no exaggeration to say that with the right security-testing services, billions of dollars and countless man-hours could have been saved (and gray hairs avoided). If it were that easy to save so much money on anything else, it would be the largest news story of the year. The value proposition offered by a fully compliant security system is unprecedented.
Though one might suggest that Escape From Alcatraz or the original Italian Job are classic movies with quaint plot lines that rely on old-school escape techniques, things are surprisingly similar in the Internet Age. All it takes is one stingy security manager or air duct — er, air duct repairman's laptop — and suddenly the criminals have done the impossible. Escaped from the inescapable, stolen the unstealable. Next time anyone raises eyebrows at how much it'll cost to get your security services up to date, just tell them how much money you're saving them. Or show 'em Escape From Alcatraz. Those guys can probably see The Rock from their office windows.
Photo Source: Flickr