Since 2008 Verizon has been putting together a report outlining the impact of global cybercrime and the importance of information security. Often our memories are “short” and we cling to the last thing we heard in the news. This year of course it is the breach that Target experienced; which is disappointing, in that Target was not the only big box retailer to be hit, but for some reason they were the most memorable. Verizon works with the top security companies and agencies in putting together the Data Breach Investigation Report and in spite of headlines surrounding breaches at Target and other retailers, the news on closing security holes is actually positive.
There was an unprecedented new development in the aftermath of the Target data breach this week. By now everyone living above ground is aware that hackers were able to penetrate the Target network to install malware on POS systems by hijacking the credentials from Target’s HVAC vendor. The hackers were able to take off with 100 million account records including some 40 million card numbers. The projected costs to Target are expected to be in the billions.
The news cycle and buzz surrounding the recent card security breach at Target, Neiman Marcus, and Michael’s continues to have legs, even the card associations have jumped into the discussion.
This week, Bob Russo, General Manager of the PCI Security Council testified before congress. During his testimony he made several interesting statements. The one I find of most interest was “Moving toward EMV Chip technology is an important piece of improving data security, but it is not a solution in and of itself. Used together, EMV Chip and PCI Standards, along with many other tools will provide strong protections for payment card data.” Indeed, looking at what we know of the Target breach, PCI standards 8.3 and 8.5, if properly implemented do address the source of the breach. I agree with Mr. Russo in his above comments. EMV is indeed a piece of the puzzle. It is not, however, the ultimate solution.
It's been several weeks now since the Target breach was made public. This was followed in short order by an announcement by Neiman Marcus about another breach. This weekend, a possible breach at Michael's was made public. The press has been all over these events, everyone rushing to contribute their 2 cents (Cash only please). It's time to step back, and see what we have learned.