05:23 PM
Jonathan Camhi

Breaking Down the Impact of the Target Breach

The payments, banking and retail industries are still experiencing the fallout of the major data breach that hit Target last year. We take a look at the numbers behind the breach’s repercussions for banks, hackers and consumers.

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

Comments
Greg MacSweeney,
User Rank: Author
3/27/2014 | 7:14:50 PM
re: Breaking Down the Impact of the Target Breach
Yes, you are 100% correct about this. Banks look at fraud as a cost of doing business. Right now, they can absorb the losses and it is a cost of doing business.

To actually address the security loopholes sometimes costs even more than they are losing to fraud, so they live with the imperfect security framework.
Alton Franklin,
User Rank: Apprentice
3/26/2014 | 6:37:15 PM
re: Breaking Down the Impact of the Target Breach
Hey, Jonathan!
Speak of the devil.... ;-)
http://www.networkworld.com/ne...
Jonathan_Camhi,
User Rank: Author
2/24/2014 | 4:35:57 PM
re: Breaking Down the Impact of the Target Breach
I think making organizations pay some form of compensation if they were negligent in the case of a security breach definitely makes sense, and would be a huge driver for change. The problem right now is defining what is actually "negligent." So many organizations, particularly in other industries besides banking, don't have the necessary cyber security measures in place. We could really use a federal standard for handling data breaches that addresses this issue, and a number of people have called for one after the Target breach. Right now we have a bunch of different state laws that sometimes conflict with one another. If we have a standard that everyone can be measured against to determine when negligence has taken place, I think we would see some really fast change in this space.
Alton Franklin,
User Rank: Apprentice
2/18/2014 | 8:01:55 PM
re: Breaking Down the Impact of the Target Breach
Good point! Brand impact does seem to gather almost as much attention as what I believe making the impact personal would. I believe that stems from the potentially significant personal impact that ofttimes follows significant brand impact. Basically, it's like, "Grab 'em by the wallet and their hearts and minds will follow...". What I'd really like to see, though, is the opposite side of that coin. That is to say, some type of indemnification for parties that disclose AND ADDRESS security "events" and "issues". What are your thoughts along those lines?
Jonathan_Camhi,
User Rank: Author
2/18/2014 | 7:52:00 PM
re: Breaking Down the Impact of the Target Breach
Well, we saw some of the bigger banks start to work together more closely with law enforcement after the DDoS attacks last year. That is something new. And the reputational harm that could come from a data breach or cyber attack does go beyond simple financial consequences. I think that is what caused some action after the DDoS attacks.
Jonathan_Camhi,
User Rank: Author
2/18/2014 | 7:50:20 PM
re: Breaking Down the Impact of the Target Breach
You're right about banks in the past regarding fraud as sometimes being part of the cost of doing business. And you're right again in suspecting that that is changing as a result of the frequency and size of the data breaches that have been occurring lately. It's already getting bigger attention as a result of the DDoS attacks last year against banks. The key is that now the breaches and sums of money involved are getting bigger, which makes for bigger headlines. And the bigger the headlines, the more it affects the reputation of the bank, which is where it goes beyond the simple cost of doing business. None of the banks want to lose customers because they were hit by a huge data breach that got them on the cover of the New York Times.
Alton Franklin,
User Rank: Apprentice
2/17/2014 | 7:17:58 PM
re: Breaking Down the Impact of the Target Breach
No offense intended, but I've heard this song way too many times before.... "Given the latest breaches at < fill in the name >, < fill in the name >, < fill in the name >, < etc. >, < etc. >, < etc. > "they" will have to start paying more attention, providing more support, solving world hunger, creating world peace, curing cancer/heart disease/ADD/ADHD..." Realistically, as long as it's confined to mere financial consequences (never mind what goes for "mere"), there will be minimal adjustments - that is, no real change... I doubt it will ever happen in my lifetime; but, make it personal for the responsible parties - the ones actually signing off on currently quite obviously deficient security conditions and overall security postures - (with jail time, unrecompensable financial penalties, public flogging, etc.) and you may - I say MAY - actually see some relevant and effective changes.... Until then.... Happy trails to you... :-)
SRG2,
User Rank: Apprentice
2/15/2014 | 7:25:10 PM
re: Breaking Down the Impact of the Target Breach
As an IT Security professional, I have had the impression (possibly erroneous) that at least some members of the US banking community have not been overly concerned with IT Security - as long as the cost of the IT Security breach is minimal. The cost of IT Security breaches has, in the past, perhaps been somewhat viewed as a "cost of doing business". Please note I am not privy to any information in this regard. This is just my personal impression as an "outsider looking in". However, I do believe that now, given the size, impact, and number of recent IT Security breaches - this issue will be receiving increased attention and support. This solely reflects my personal opinion at this time - and is subject to change based on new information. Thank You.