How to avoid becoming the next Target

By: Jesse Cryderman

There was a time when many businesses felt safe from cybercrime. As the number of high-profile hacking incidents continues to grow, that time has passed. Today, every business is a target. In fact, according to Jeffery Guy, a former cyber security expert for the U.S. Air Force, 70 percent of all cyber attacks are waged against small businesses. There is no way to avoid being a target, but there may be ways to avoid becoming the next Target.

It's important to point out that the number and types of individuals who perpetrate attacks have changed. "Evidence over the past number of years indicates that there is an increase in state-organized or state-funded efforts," said Adam Boone, CMO, Certes Networks. At the same time, hacking toolkits, support, and even mentors are readily available online and in hacking forums. “You don’t need to be immensely talented to pull off a hack; it doesn’t take an army of sophisticated criminals. Script kiddies can pull it off,” commented Boone.

How did Target happen? According to information leaked to Brian Krebs, a web server was compromised and from there a Trojan would have been distributed to Point of Sale (POS) terminals. This malware was specifically designed to work in POS and steal credit card information directly from RAM (Random Access Memory) as soon as a credit card is swiped. Cybercriminals then would periodically enter Target’s network to gather stolen information from the different POS terminals.

Antivirus programs are obviously not the solution--we are talking about targeted attacks (pardon the pun), where the malware has, for starters, been specially designed to avoid detection by the installed antivirus. So what can companies do to protect themselves?

Gimme three steps

There are, of course, many different tactics that can be applied to prevent damaging data breaches. According to a recent report from Gartner, on a broad level, there are three basic steps:
  • Stop the breaches in the first place by preventing hackers from accessing your network;
  • Prevent malware installation and operation; and
  • Detect breaches as quickly as possible and take immediate action.

In the case of Target, teams did detect a data breach, but they didn’t take the right or immediate action.

“Like any large company, each week at Target there are a vast number of technical events that take place and are logged. Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team," said Target spokeswoman Molly Snyder in a statement. "That activity was evaluated and acted upon."

Unfortunately, however, the security team didn't take the correct action. "Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up," she said. "With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different."

Gimme four steps more

The Target incident resulted in the outright termination of Target’s CEO, Gregg Steinhafel. (Don't feel too bad--he left with a $21.3 million golden parachute.) This made top executives from enterprises large and small sit up straight and take notice. Security is no longer an ancillary IT function that is passed off to the geek squad. It has now become a critical component of business operations and the ultimate responsibility now falls squarely on the desk of the CEO. 

"Security is too important to be a hobby," says Adam Boone. "The issue here is that security is hard to do with a lot of the systems that vendors put in there. Enterprises rely on security from companies that are not security companies; they rely on the security features of a router, switch, or application. The typical enterprise has hundreds of applications for its employees. This is difficult to manage and difficult to configure, but it doesn't have to be."

