You don’t have to have an information management degree to know that computer security is a big issue these days. All you need to is look at the news. Here are three examples from August alone:
- In August, retail giant Target cut its full-year forecasts, disappointing Wall Street. The reason stretches back to 2013, with the massive data breach that apparently cost shareholders a full $148 million. But the bad news isn’t over, as ongoing profits are still feeling the effect of the debacle.
- A Russian gang allegedly stole 1.2 billion user names along with the associated passwords. The material came from small sites and well-known online brands. According to an expert, most of the sites remain vulnerable.
- The FBI was investigating online attacks targeting a number of banks, allegedly including JPMorgan Chase. The hackers reportedly had used sophisticated malware that could burrow deep into banking systems and alter the data there, and they reportedly stole gigabytes of data. The attackers could have left other backdoors open for themselves even as the banks managed to shut down the specific access venue they had used.
- The Department of Homeland Security said that more than 1,000 retailers might have malware on their systems. The software could give criminals access to credit card information acquired when consumers made purchases. Both UPS and Dairy Queen have reported that some of their locations had seen data compromised.
Who said that summer was a slow time for news?
In one sense, the high profile problems are helpful for IT departments because general executives begin to realize what could be at stake, particularly when they see earnings and stock prices feel the impact. But the flip side is more challenging, because management teams will still have difficulty understanding how difficult it is to fully protect a company and how often the weak link is some non-IT employee who clicks on a link in an email or gives away information when they shouldn’t. The lack of understanding won’t prevent them from demanding that someone “fix” everything.
More chilling, though, is the change in patterns of how attacks happen. These aren’t one-off actions taken by a group that wants to prove a point or that is angry about something. The new type of attack is sophisticated and of large scale. Behind these attacks are professionals who are interested in financial gain, not bragging rights.
The change in the style and philosophy of the attacks means that corporations will have to alter their policies and strategies to count the new threats. IT personnel will be on the front lines.