Securing the confidentiality, integrity and availability of information is critical to any business operation. In the Washington Post article from Monday, February 9th, titled “Experts Warn of Coming Wave of Serious Cybercrime,” writers Danielle Douglas and Craig Timberg discuss the rash of cyber attacks against top retailers like Target and Neiman Marcus. While the thrust of the article is about the vulnerabilities of our nation’s antiquated payment systems, the American public continues to be at risk with little or no relief in sight until late 2015, when major credit card issuers are pushing for widespread adoption of credit cards with embedded chips. The technology is widely available and used throughout much of Western Europe. The current use of traditional defenses like antivirus software, firewalls and continuous monitoring provides little support once a hacker gets into your network.
What the Target incident has clearly shown is that networks are far more connected than in the past. The fact that hackers could penetrate a downstream vendor that had access to the retailer’s network creates another level of sophistication that provides a challenge for today’s business operations. In order to better defend against incidents like this, business leaders must embrace the need to be vigilant in securing the critical IT infrastructure that provides for business continuity, and must educate their workforce on the need to understand the risk while conducting daily business operations. The threat to lower-tier vendors now opens up another avenue for clever hackers to penetrate top retailer systems.
So how do we protect our systems and our personal information until more secure cards are adopted?
- The first and most important factor is to incorporate cyber and supply chain security into your daily business operations. These are not standalone functions and need to be part of leaders’ and managers’ daily routines. This cannot be an additional duty for the IT team.
- Leaders must be involved in decisions to field new systems or upgrade existing systems so they provide the most secure platform possible based on the level of risk an organization is willing to accept. Leaders at all levels of the organization have a role in cyber and supply chain security.
- Knowing who has access to your systems and being vigilant in monitoring access from outside or lower-tier vendors is critical and part of routine daily monitoring.
- Developing awareness and training campaigns to keep the workforce informed is a low-cost way of improving manager and employee vigilance.
- Lastly, in the event an incident occurs, have a strong mitigation plan and react quickly. Capture lessons learned and share them with your managers so they are better informed in the future.