Get Aligned!

Almost every day there is a data breach in the news. Companies like Yahoo, LinkedIn, Adobe, JPMorgan Chase, and even a US voter database with over 191 individuals’ details, have all been subject to breaches through various methods. With all the money and security technology at their disposal, these breaches still seem to happen, whether through lapses in security, human error, or malicious internal leaks. While the goal is obviously to prevent breaches in the first place, if they do happen – who is at fault?

Let’s first look at one of the most infamous breaches in recent times – U.S. mega-retailer Target. They are one of the largest retailers in the US, and third largest in the world based on sales. They have 1,795 stores across North America, and see almost 3 million people pass through their doors on a daily basis; needless to say, they are a data goldmine. In fact, their data is so in-depth that they once (in)famously discovered that a teen customer was pregnant before she’d even announced the news to her family. With such a vast amount of data to protect, their IT department wisely realised that they were a target (pardon the pun!) and invested in a security monitoring system called FireEye. Unwisely, on the 30th of November, 2013, when that fancy new security system notified their IT department that malware had been detected on their system, they decided to ignore it.

Fast forward to the 13th of December, two weeks after the malware was first detected, when Target received a call from a journalist called Brian Krebs. Krebs wanted to let them know that he’d stumbled across a large, fresh batch of credit cards being sold on underground marketplaces. The cards all had one significant thing in common – they had been used at Target from late November to mid-December.

During their busiest shopping period of the year, Target knew they had been infected, and chose not to react.

In total, over 70 million individuals had their account data, including full names, credit and debit card numbers, expiration dates, CVV codes, and even PIN data stolen, right under Target’s nose. Recent estimates expect Target to be liable for over $3b USD. More than 90 lawsuits have been filed against the retailer by both customers and banks, and their profit for the holiday shopping period fell almost 50%.

When Target Chairman/President/CEO Gregg Steinhafel was asked specific questions about the incident, he had this to say: “Target was certified as meeting the standard for the payment card industry in September 2013…”. In other words, “We met the standard – what else do you want from us?” That question is increasingly difficult to answer, yet couldn’t be more relevant to today’s companies.

As the principle known as ‘negligence per se’ demonstrates, if there’s a law, regulation, or widely adopted industry standard, then failure to meet that standard is automatically negligence – but achieving compliance with that law or standard is not enough to prove that you weren’t negligent.

What if Target had never purchased FireEye – is ignorance an excuse? Unfortunately not. Where the law states you must take reasonable care to protect your customers’ data, that means utilising the tools available, whether or not they are an ‘industry standard’. In the rapidly advancing security marketplace, this means continuously evaluating projects and solutions that were previously deemed too expensive or unnecessary. The recent explosion of the augmented reality game Pokémon Go only served to show how quickly technology can be adopted – what is out of reach one week might be vital to the company the next, so you have the responsibility to always make sure your company is ahead of the curve.

While proper prevention and protection measures should always be in place to defend your company, breaches can happen – when they do, make sure you have taken the precautions necessary to know that you have done all you can to protect your data. Your customers (and insurers!) will thank you for it!
