The Wall Street Journal's article entitled, "Target Hackers Used Stolen Vendor Credentials", provides an in-depth look at the infamous breach of Target's IT security that resulted in the theft of 40 million card numbers from Target customers. Paul Ziobro's collaborative piece with Danny Yadron and Charles Levinson explains that sophisticated hackers stole electronic credentials and tapped into the retailer's interconnected system and navigated their way towards valuable financial information. Given the high-profile status of Target and the relevance of IT in modern business operations, companies across the world are now on advanced notice regarding the importance of maintaining top-quality IT protection.
While the article does not disclose exactly how the credentials were taken, the story does reveal that hackers are targeting specific vendors and skimming for various financial payment data. Given the fact that investigators now have a stronger sense of the hackers' plans, perhaps companies can begin to make security adjustments specific to these types of attacks. To be more specific, it appears that hackers are inclined to target "low-level employees or outside contractors" ("Target Hackers Used Stolen Vendor Credentials" Paul Ziobro) before working towards the desired financial data, so why not initiate IT security education for the employees that are at the greatest risk? If the commonly breached IT areas are given more attention, then hackers will have to look for a more difficult entry into any company's network. A high-scale security attack such as the one detailed in the article is bound to reveal some potential steps towards preventing a repeat occurrence, and major companies like Target should take some proactive efforts to make it increasingly difficult for hackers to break in.
Target may be the most recognizable company to face a heavy cyber attack, but they are by no means the first company to fall victim to an IT security breach. The articles lists "Bashas, an Arizona supermarket, Sprout's Farmer's Market, and Zaxby's Franchising Inc." (Ziobro) as three companies that experienced major attacks in early 2013. The point that the author's tried to make by detailing these instances is that no company is totally safe from the risk of IT infiltration from malicious hackers. Unfortunately, smaller companies likely do not have the resources to implement as advanced of an IT protection program as Target, but this should not serve as an excuse. Cyber attacks have far-reaching damages that go beyond the physical company that experienced the direct attack, and every business with IT operations should have an opportunity to protect itself from hackers. In light of the increased prevalence of hackings, the widespread implementation of a cyber attack awareness program could spread the word and even provide some funding for companies that cannot afford sufficient protection. These crimes tap into the personal information of every consumer, and the time is now for appropriate efforts to take shape and ensure the privacy of shoppers and protect all payment data within stores across the world.
Unfortunately, awareness for economic and personal threats do not catch the public eye until a popular company like Target falls victim. Despite this reality, the world of IT security now has an opportunity to move forward and kick-start new efforts that will prevent future attacks such as the ones highlighted in this article. In the ever-growing world of Information Systems, the risk of losing valuable data increases significantly every day, but a collaborative and cognizant effort to prevent these attacks will serve to benefit many people involved in the world of consumerism.
Ziobro, Paul. "Target Hackers Used Stolen Vendor Credentials." Wall Street Journal. 29 Jan. 2014.
No comments:
Post a Comment