RadioBDC Logo
| Listen Live
< Back to front page Text size +

Target credit card data theft shows everything is hackable

Posted by Chad O'Connor  December 20, 2013 02:00 PM

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

The news that 40 million Target customers’ credit and debit card accounts may have been revealed to cyber-criminals who gained access to the store’s payment card data highlights a simple and uncomfortable fact: American companies are lagging behind the hackers who are intent on stealing their data and disrupting their operations.

As cyber-attackers grow in number, capability, and sophistication, firms must ensure that their security systems and procedures keep pace. Improving cyber-security isn't a challenge solely for intelligence agencies and the Department of Homeland Security. Only about 10 percent of America's critical infrastructure is owned by the government. And while programs like DHS’s Enhanced Cyber Security program are ramping up to share threat intelligence for critical infrastructure, the private sector also has to take responsibility for protecting its systems against attacks as well.

Today, most American workers use a wide variety of technologies that are extremely vulnerable to malicious attacks, from laptops and tablets to smartphones and security badges. Simply setting passwords and installing antivirus software is no longer sufficient.

The badges and key fobs used by many employees, especially those working with sensitive data, also present a host of security challenges. Even "social engineering" -- i.e., tricking people into giving out passwords and sensitive information -- continues to threaten countless companies, despite years of effort to educate people about this danger.

Anything with a chip is at risk as the “Internet of things” migrates beyond mobile devices. In other words, when it comes to the technology we use in our daily lives, everything is hackable.

Cyber attacks at large companies like Target get plenty of media attention but it’s not just big retailers that are at risk. Hackers have already shown that insulin pumps and pacemakers are vulnerable to attack. Earlier this year, researchers discovered a password vulnerability affecting 300 medical devices manufactured by 40 different firms. It's a matter of when -- not if -- these devices become the objects of cyber attacks. Household appliances, home security devices and even the cars we drive—all of these now rely on technology that can be compromised.

Robust security measures need not be imposingly complicated or expensive. A decade ago, many of the most effective cyber security technologies were classified or the exclusive property of the military and federal government.

Today, however, many cyber security technologies are available to private firms and small businesses at a reasonable cost. And management and operations techniques have been developed that safeguard critical resources.

Here are four tips to safeguard your business from cyber attack:

1. Reduce the number of internet connections into your company's servers to cut back on attackers' access. Fewer external connections mean fewer vectors for attack.

2. Don’t just focus on strengthening firewalls to keep attackers out. Monitor sensitive data to keep it from leaving secure networks. This will prevent attackers who breach a server from actually getting what they want.

3. Teach your employees safe cyber behavior. The most secure firewalls mean little if employees circumvent barriers or ignore cyber security policies.

4. Monitor your networks for behaviors that violate best practices. Most employee policy violations aren't intentionally malicious but this “insider threat” from colleagues down the hall can still create opportunities for attacks and data breaches.

The simplest approach is educating your company’s employees to be “sentries” so to speak that guard your cybersecurity. Giving each the knowledge and responsibility to protect the network they use has been a successful model for us at Raytheon. In fact, twice-yearly training sessions have helped cut down on click-throughs to malicious emails by more than half.

Target reported today that customer names, debit or credit card numbers and card expiration dates were taken at a time when many people were busy shopping for the holidays. The news highlights that the cyber threats faced by American businesses have never been more acute and the business case to counter these threats has never been more compelling.

Companies must evolve with the times and have in place network security measures that go beyond just keeping pace with the threats. Simply setting a password is no longer a sufficient safeguard. Firms must adopt new security technologies and foremost, better educate their employees as the best defense to prevent attacks and protect their sensitive data.

Lynn A. Dugle is president of Raytheon Intelligence, Information and Services, a $6 billion business of Raytheon Company, a technology and innovation leader specializing in defense, security and civil markets throughout the world.

This blog is not written or edited by or the Boston Globe.
The author is solely responsible for the content.

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Boston World Partnerships' expert "Connectors" discuss business strategy, entrepreneurship, Boston's place in the world economy, and much more. Using their insider perspective, they illuminate how Boston's innovative companies start, grow, scale, and go global.

Meet Boston's coolest, smartest and most dynamic founders in our REEL Innovators video series!