Of course there’s more to this than their FireEye – a lack of detection! I’ve been writing about this since 2007, yet businesses still spend 80% of their budget on protection. There’s very little detection and almost no response.
This breach has been devastating for Target. $252 Million is cost so far according to The Wall Street Journal. Both the CIO and CEO have been replaced since the breach. And Forbes’ reports tie Target’s slow start in the Canadian market to this breach.
Today’s Wall Street Journal Headline reads,
“Target Nears Settlement With MasterCard Over Data Breach” (read it)
“Settlement of $20 million would reimburse banks for costs; talks with Visa continue”
It’s another reminder that Target allowed hackers to take 40 million credit card numbers from their customers last fall.”The $20 million covers costs that banks incurred to reissue credit cards and debit cards as a result of the breach, as well as some of the fraud that resulted from the exposure of customer information, these people said.” according to contributor Robin Sidel. Note, this is just for Mastercard. Visa and others are still out there. The cost is big. And the merchant is paying.
The good news in this article is that, “other merchants are… upgrading their equipment ahead of an October deadline that will shift fraud liability from banks to merchants under certain circumstances.”
But how should we view this? Target is one of the few that discovered the attack. Merchants, and really all businesses out there, are under fire. The problem is the same in just about every account – and that problem is, the leadership is unaware of just how risky business is without proper security. Executives are focusing on beating the competition, just as Target has had their focus on new markets and beating Wal*mart.
Gaining access the asset owners is more important than ever right now. If you’re message isn’t being heard, it’s not because these companies don’t need security. It’s because the message is either missing the mark or being presented in the wrong place. The need is there – let’s get the message right, and get it to the right people. This is the time to be helping clients get their detection-response strategy in place. Next, you’ll want a way to manage this for them. Only the largest companies can manage their own security with 24/7 monitoring and predictive intelligence.
© 2015, David Stelzl