Estimates are that the cost of a relatively simple hack on retail giant Target this past December has reached over $1 billion to date, not to mention the ongoing legal exposure and subsequent damage to its high-value brand.   The ripple effect of over one hundred million credit card numbers being stolen and quickly sold online to a global black-market of ready customers is staggering, and will ultimately impact millions of consumers, as well as thousands of banks and retailers worldwide.

Remarkably, Target was one of the largest retail customers of Wall Street darling, Fire Eye, which failed to identify and thwart the hack. Despite a more than $40 million dollar marketing budget last year, Fire Eye’s advertising no doubt rings hollow with senior management at Target, particularly the CIO and CEO who were terminated in the wake of the hack. This is just another example of an internal IT group that, because they lacked the needed cyber security domain knowledge, put the fate of their company in some well marketed but flawed legacy cyber security solutions. It has now been proven that these legacy solutions simply cannot deliver genuine cyber security.   What is particularly poignant is the fact that for as little as $100 per credit card terminal, Target could have secured these critical infrastructure components of the company’s high-value digital information assets.

There are thousands of companies similarly deluded by well-meaning IT marketers, as well as their own generally competent IT managers. In fact, most IT managers will admit that cyber security is a horse of a different color; cyber security is far different from the typical challenges that IT managers regularly face. In general, IT managers understand the vastness of the problem, but have been led to believe by legacy providers that there is no “silver bullet” solution.   Like any good fallacy, this folklore has some truth in it. There is no single solution to the problem of cyber security; however there are several components that, when fully integrated and complemented by tools that incorporate IT management’s intimate knowledge of their own business, can push the effectiveness of cyber security to 99.99% to 100%.   The best part is that it’s not expensive.

Posted by Ed Brinskele on Wednesday, May 28, 2014