In an age when every person is expected to be super vigilant regarding their personal online security, why would Target execs ignore warnings that their system was vulnerable to hackers?
This is the question consumers should ask themselves is whether or not other retailers or businesses that take credit card orders ignore such warnings. In some cases, the warnings are ignored or considered inconsequential
Nicholas Scott, head of cybersecurity for the National Australia Bank, told a conference last year that many institutions miss or ignore early warning signs. Some as simple as phishing emails sent to their customers.
"We mine it and go, 'Oh, look at that, CitiBank, Bank of America, and JP Morgan are starting to be phished, and there's a new payload'," he said. "I can tell you now, that payload is coming to me in the next month or two."
The social network Snapchat seems to have been in the same boat. The site was warned months in advance by Gibson Sec that its API was vulnerable. Gibson Sec is what is termed a "White Hat" group, or the good guys in the hacking wars. Gibson goes out and identifies threats and then lets the vulnerable know the issue. It had issued warnings to Snapchat well in advance of the breach that resulted in 4.6 million phone numbers being stolen.
"I have seen enterprises roll out very expensive systems to handle security monitoring, yet there is no subject matter expert for this technology or risks within the enterprise," said Joe Schumacher, a security consultant for Neohapsis.
News that the retailer had been warned as early as Nov. 30 by its own Internet security team, but the alert was ignored broke late this week. This resulted in stolen credit card information from 40 million Target customers along with 70 million other tidbits of personal data during the holiday period.
At the time, Target declined to act upon the warning, but now the company is having second thoughts on its decision.
"With the benefit of hindsight, we are investigating whether if different judgments had been made the outcome may have been different," company spokeswoman Molly Snyder said in a statement.
According to a Bloomberg Businessweek report, the company's FireEye security system noticed the breach on Nov. 30 and even that the attackers planned to send the data to outside servers.
