How to avoid becoming a victim like Target

"It's technology, process and policy and technology is only one-third of the solution"

Target's failure to act when alerted that malware was in its network is a reminder that spending large amounts of money on technology is a waste without the right people and processes.

Weeks before hackers started siphoning tens of millions of credit card numbers from Target's payment systems during last year's holiday shopping season, security personnel were warned that malware was in the retailer's computers, Bloomberg BusinessWeek reported.

The alert came from a newly installed network-monitoring tool from security vendor FireEye. The system, which cost $1.6 million to install, apparently did its job. The failure was in not responding to the alerts, experts say.

Technology like FireEye's is good at spotting potential problems, but the number of alerts is overwhelming without full-time staff dedicated to separating the false positives from warnings that point to a serious computer breach.

"It's technology, process and policy and technology is only one-third of the solution," Avivah Litan, analyst for Gartner, said.

"If you don't have the process, which includes organization, and if you don't have the policy saying what you are going to do when you see a high alert, then it doesn't matter if you have the best technology in the world.

"The alarms are going to go off and no one is going to pay attention to them."

Why Target did not follow up on the FireEye warnings is not clear. Nevertheless, companies that deploy the same type of technology should be aware "that none of these systems are perfect," Litan said.

To make effective use of these systems, an enterprise needs to have full-time security pros monitoring alerts. Since this is often considered too expensive, companies have to be willing to hire a managed service provider (MSP) to do the monitoring for them, Rick Holland, analyst for Forrester Research, said.

"For the majority of companies out there, they're going to have to rely on a third party to do their SOC (security operations center) operations for them," Holland said.

Companies that go that route have to have a tight and well-managed relationship with the service provider. That partnership has to include locating in advance the computer systems that process and store the information that drives revenue for the company or would cause tremendous harm to the business if stolen. This systems list should be updated every quarter.

Knowing all of this in advance will give the MSP a clear understanding of what areas of the network to watch closely.

"The number one priority should be focusing on the important assets and detecting bad things against them way before the exfiltration (of data) occurs," Holland said.

Overall, network-monitoring tools require manpower. While the FireEye system could have been configured to remove malware automatically, that feature was turned off.

Target had determined that the software was too new and untested to have it delete files on its own. The decision was the right one, because if the software made a mistake, it could easily have taken down a critical system.

"It is always the recommendation to fully test the product in the environment before turning on automatic checks," Joe Schumacher, security consultant for risk management company Neohapsis, said.

"In my opinion, it takes a lot of additional work by an enterprise to reach an automatic block level with a product as the last thing security wants is to make the business grind to a halt."
