News Updates
Preventing Computer Data Theft The New Top Priority In Security
Cyber criminals recently victimized two large international payment processors, RBS WorldPay and Heartland Payment Systems. Hackers breached each company’s elaborate computer systems and compromised personal data on millions of cardholders and payroll employees, including Social Security numbers.
By the time damage control rectifies these two computer security breaches the losses are estimated to be in the billions. The Repton Group’s computer data security arm, Information Defense Corporation, could have prevented and or rapidly detected both breaches with foolproof methods, technologies, advanced computer security techniques and software, as well as with personnel analysis and vetting and processing improvements and safeguards. With the appropriate controls in place both these events would have at worst been a minor event for each entity.
According to an RBS WorldPay press release, “Certain personal information of approximately 1.5 million cardholders and other individuals may have been affected and, of this group, Social Security numbers of 1.1 million people may have been accessed.”
Heartland recently released a statement to the public indicating that it had contacted more than 150,000 merchant locations with information on its breach. Heartland CEO Robert O. Carr stated: “A piece of malicious software planted on the company’s payment processing network recorded payment card data as it was being sent for processing to Heartland.” He added that Heartland:
- Does not know how long the malicious software was in place.
- Does not know how it got there.
- Cannot ascertain how many accounts may have been compromised.
The consequences to both RBS and Heartland will likely be severe on five fronts:
- Systemic computer processing cleanup costs
- Legal challenges and settlements
- Negative brand impact
- Tarnished reputation
- Lost clients, both present and potential.
Framingham clothing discounter TJX knows firsthand how costly a computer security breach can be. When hackers invaded its systems in 2005 they stole information on 45,000 cardholders. The Boston Globe estimated the initial damages at $256 million.
But Forrester Research analyst Khalid Kark recently updated the damages to at least $500 million and possibly approaching a billion. The higher estimate includes the cost of last January’s Customer Appreciation Day, where all purchases were discounted 15%. Note these facts well:
- Customer Appreciation Day was only partially successful; many compromised cardholders remain disgruntled with TJX, as negative Internet postings show.
- The breach occurred in 2005 but was not discovered and announced until 2007.
- The hacking originated offshore.
- The cyber criminals behind the breach were part of an international ring composed of eleven members from such far-flung countries as Turkey, China, Ukraine, Belarus, and Estonia.
The Importance of Recognizing the Problem Now
Corporate CEOs and business leaders need to wake up and face the reality of cyber crime, the sophistication of its perpetrators, the catastrophic potential of its business consequences, and its national security implications. Most leaders are in denial about it, deluding themselves that the issue is related to technology only and easily handled by their unfortunate Chief Information Security Officer or other IT professional.
Data security is the responsibility of the executive team and its directors. Many of the necessary protections that must be put in place fall outside the purview of computer technicians solely with civilian experience. The technology solutions they install are often overmatched against the wiles of sophisticated cyber criminals.
Technicians with law-enforcement, military, or intelligence-gathering experience in the prevention and detection of cyber crime are the answer to this daunting challenge. The Repton Group employs such people and can provide such solutions.
The Repton Group knows firsthand from having investigated a variety of data security breaches that most organizations remain unaware of their existence until federal officials notify them. Many times what led to the compromise had more to do with the people employed and the processes utilized than with the technology itself. However, the inability to detect the breach and resultant ongoing thefts, which typically span months into years, turn compromises into catastrophic corporate events
The Only Solution
The FBI prioritizes its task this way:
- Number One: “Protect the U.S. from terrorist attack.”
- Number Two: “Protect the U.S. against foreign intelligence operations and espionage.”
- Number Three: “Protect the U.S. against cyber-based attacks and high-technology crimes.”
Given the importance the FBI places on data security, how is it so few business leaders deem it a top concern? CEOs who head top corporations that produce sensitive information or systems, or that manage sensitive information and utilize complex infrastructures to process it, must meet the security challenge.
All such corporations are vulnerable to:
- Data poisoning or theft by terrorists
- Intellectual property theft by foreign intelligence agencies
- Industrial espionage assaults by foreign governments and even by competitive foreign NGOs
- Invasive larceny by organized crime
- Vandalism by hackers
Criminals will always be with us, and have been since the beginning of time. Technology updates and multiplies their opportunities for ill-gotten gains, vandalism, espionage, intellectual property theft, and the creation of wanton mayhem.
Don’t be victimized by them. What organization can sustain such disastrous losses as those incurred by RBS WorldPay, Heartland Payment Systems, and TJX? Factor this reality into the equation: These three victims are among the unfortunate few forced so far to go public. Most data security breaches never make the news because few are required by law to be reported. The problem is emphatically more pervasive than people realize.
What are the true costs when proprietary data, that corporations invest billions to develop, are compromised? They’re incalculable. Just ask those who have paid the ultimate price from having suffered intellectual property theft or a massive date security breach. Ask, that is, provided they’re still in business.
That’s why executives must be vigilant to evaluate their assets at risk, recognize the threats to them, weigh the possible consequences of a data security breach, and then institute preventive measures to mitigate the risks, neutralize the threats, prevent catastrophic losses, and monitor the security of their data systems going forward.
Don’t take a foolish chance on being victimized by cyber criminals. The ROI on establishing comprehensive data security is immeasurable. Let the professionals at The Repton Group do it for you.
Martin J. (Marty) Schmidt
Executive Vice President
Information Defense Corporation
(732) 784-1809
mschmidt@defend-info.com
www.defend-info.com
The Repton Group
 |
 |
||||||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
 |
|
||||||||||||||
 |
|
||||||||||||||
 |
|
||||||||||||||
 |
 |
|
|||||||||||||
 |
 |
|
|||||||||||||
