BreachExchange mailing list archives

Thwarting hackers should be major concern for companies in future


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 20 Apr 2015 18:21:30 -0600

http://dailyorange.com/2015/04/cheung-thwarting-hackers-should-be-major-concern-for-companies-in-future/

Last week, Target agreed to pay MasterCard $19 million following a 2013
data breach that affected 40 million credit and debit card users.

In an age where hackers are getting smarter and electronic payments are
getting more popular, it should be retailers’ top priority to spend the
extra money and fortify their data protection systems.

The Target lawsuit is the latest settlement in a string of data hacks in
the past couple years, hitting companies like Jimmy John’s, Staples and
Michaels. Last year, Home Depot had data from 56 million credit and debit
cards stolen.

The trend even extends beyond credit and debit card information. The
personal information of 76 million households was stolen from JPMorgan
Chase, the nation’s largest bank when measured in assets. New York state
even admitted that over the course of eight years, hackers stole the
private records of 22.8 million New Yorkers. And the most notable hack as
of late has been Sony, which lost over 47,000 social security numbers and
countless emails and documents in a highly publicized mess that involved
U.S.-North Korea relations and the Seth Rogen movie “The Interview.”

It’s hard to quantify the financial costs to a company for breaches like
these because they often involve the theft of information, not tangible
assets.

But as seen by the Target lawsuit, credit card companies do incur costs
associated with issuing customers new cards and covering any fraudulent
transactions made with the stolen data. Credit cards are hoping to pass
those costs along to the breached retailers in court and get some
compensation.

In the case of Target, those costs added up to $19 million, although some
banks seemed to think that those costs should have been much higher. But
for a company with a market cap valuation of $51 billion, $19 million is a
drop in the bucket. And the cost of Sony’s disastrous hack? The company
estimates $35 million in losses to “restore financial and IT systems,”
which is also a minor setback for a company that made $75 billion in
revenue last year.

For the time being, it seems as if retailers are more concerned with coping
with the costs than investing into future protection. In a message from
Target CEO Gregg Steinhafel, the company emphasized that it was conducting
a thorough investigation and provided free credit monitoring services to
those impacted.

There were no mentions of any preventative actions to be taken in the
future.

Investors don’t seem to be concerned with the risk of hacks either. In its
most recent quarter, Target beat expectations on its earnings per share,
and saw an increase in sales of over a billion dollars. These positive
results have kept investors optimistic about Target, choosing to ignore the
potential financial impacts of future hacks.

Hackers will get smarter and the stakes will get bigger. As the Sony hacks
showed, customer information isn’t the only thing at risk — employee
information is at risk as well. There will come a time when pressure from
customers, employees and investors will increase the pressure to better
security systems.

Until then, maybe we’re better off just using cash.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
