Get All Access for $5/mo

Target's Security Breach Stresses the Need for Better Cyber Security Criminals are getting more clever in the theft of consumer information. Companies should take immediate steps to better protect sensitive data.

By Eric Basu Edited by Dan Bova

Opinions expressed by Entrepreneur contributors are their own.

Target's recent credit card security breach that affected 70 million customers was a huge hit to the retailing giant at the most inopportune time. To the retailer's credit, it took this matter extremely seriously by quickly informing customers and offering 10 percent discounts to anyone who came into its stores the weekend before Christmas.

The bigger issue for the retailer is everyone coming in with their two cents on what Target should have done to prevent this breach, including two U.S. senators seeking investigations from the Consumer Financial Protection Bureau and the Federal Trade Commission. There are also potential class action lawsuit filings against the retailer in California and Rhode Island.

Yet in the ensuing and understandable media melee, one crucial point has largely been missed: the makeup of the criminals that perpetrated the act. Though not much has been disclosed, there's little doubt in my mind that this was not the work of some part-time hacker living in his mother's basement. While there are always lessons to be learned to make things better, we as security experts must openly acknowledge that cybersecurity is a war where the enemy is a formidable, organized and very sophisticated threat.

Related: Target Says Up to 70 Million Customers Affected By Hacking

Data breaches like the one Target suffered are typically conducted by organized crime syndicates or similar groups with a sizeable level of cleverness. They have a vast number of highly-skilled resources at their disposal from virtually every corner of the globe and strike with keen precision. They have a network like no other and when these criminal organizations hit, they hit hard. The Ponemon Institute's 2013 Annual Cost of Cyber Crime Study noted that the financial impact of cyber attacks is up nearly 78 percent.

Corporations, security experts and consumers need to act accordingly by taking cybercrime more seriously. It's no longer a question of if, but when an attack will occur and how best to ensure it doesn't infiltrate sensitive accounts. The first line of defense is also no longer the individual, as it once was. That's because consumers no longer "own" their data. Information is moving so fast that these folks have their account information, address, phone numbers and other sensitive data on many servers they neither see nor control.

Organizations that house this data must recognize that they bear the responsibilities of protecting the information. It's a daunting task to be sure, but one where investments in security will prevent costly loss of revenue and litigation in the same manner that Target is now struggling to deal with.

Related: Don't Get Hacked -- Tools to Fight Cyber Attacks

The key is to fight the cyber enemy with the same level of sophistication and respect that they have for their intended victims. This is a clever enemy before us, but one that can be defeated if we understand the size and scale of the threat. The advantage we as information assurance experts and corporate executives have is possessing tried and true methods to thwarting such threats, with elements that include:

Categorizing information for its value to others. Ensure a keen understanding of what kind of data may be of interest to would-be cyber criminals. Prioritize it by the need to protect it. This will serve as a foundation for developing strategic information assurance initiatives against a fixed budget.

Fully understanding the user base. Identify people and activities to develop potential threat profiles. It will help in focusing efforts to thwart attacks that occur from or are caused by improper activities from within. Training and awareness of employees is also a key aspect here. Surprisingly, many people who hold high-level security clearances will keep their passwords on a piece of paper in their notebook, or unencrypted in a document on their phone or computer.

Monitoring systems. Identify all entries and exits; be they printers, thumb drives, network boundaries, etc. Watch happenings at these key points as well as system wide. More importantly, don't just track the raw activity levels, but trends as well. Develop baseline metrics to identify abnormalities quicker and take action in a more rapid fashion.

Let's make 2014 the year we get the upper hand in this emerging cyber war.

Related: Cyber Security a Growing Issue for Small Business

Eric Basu

CEO of Sentek Global

Eric Basu is the CEO of Sentek Global, a provider of government and commercial cybersecurity and information technology solutions. 

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Business News

These Companies Offer the Best Work-Life Balance, According to Employees

The ranking is based on Glassdoor ratings and reviews.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Leadership

Why Your AI Strategy Will Fail Without the Right Talent in Place

Using fractional AI experts through specialized platforms allows companies to access top talent cost-effectively, drive innovation and scale agile strategies for growth.

Science & Technology

Use This Framework to Successfully Integrate AI Into Your Business Operations

Here's how to ensure both innovation and compliance when using AI in your organization.

Business News

Here's What the CPI Report Means for Your Wallet, According to JPMorgan and EY Experts

Most experts agree that there will be another rate cut next week.