News from Target, Ukraine and RSA Conference Have Security Community Abuzz

Written by TC
March 5, 2014

Several seemingly unrelated news events have put a spotlight on cyber security, underscoring technical vulnerabilities and amplifying anxieties worldwide this week.

On Wednesday, Target Corp., again made headlines when Chief Information Officer Beth Jacob resigned. Jacob is taking the fall for the massive security breach that compromised as many as 40 million customers over the 2013-14 holiday aeason.

Since the breach became public, shares of Target stock have slumped 10 percent and executive management has said the debacle cost the company $61 million ($44 million of which has been paid by insurers).

Jacob’s post became especially vulnerable after news reports surfaced suggesting that the company had been warned about its vulnerabilities and that hackers went undetected for three weeks.

Also this week: Pro-Western Ukrainian news outlets and social media sites report massive denial-of-service-attacks launched at them by Pro-Russian forces, according to the BBC. (Of course, Pro-Russian Web sites are also levying charges of cyber-attacks aimed at them.) In addition, Ukrainian authorities confirmed that communication networks had been the targets of cyber-attacks, as well.

Finally, National Security Agency (NSA) Director Gen. Keith Alexander said on Tuesday in Washington that Congress needs to overhaul a pair of privacy laws to allow the government to communicate with private companies and foreign nations, according to a report in The Hill.

“The spy chief, speaking at Georgetown University on Tuesday, said that the Electronic Communications Privacy Act and the Stored Communications Act need to be amended to let companies and agencies share critical information about cyber threats,” the paper reported.

All of this comes on the heels of the massive 2014 RSA Security Conference, which wrapped recently in San Francisco. There, security professionals from around the globe discussed ways to prevent a massive assault on governments, businesses and private entities alike.

In a blog published on March 4, Gartner Vice President and Distinguished Analyst Avivah Litan wrote that she was surprised by the “dearth of information sharing in the retail payment card industry.”

“Information sharing is not easy in retail payments. I have colleagues who would like to share specific information on the behavior of malware attacking retailers but are shut down by lawyers for retailers, POS software vendors, insurance companies and more. This makes no sense to me when information sharing that provides safe harbor for those who disclose and confidentiality for the victims is exactly what is needed to help stop future attacks,” she wrote.

“I’m not optimistic that the situation will substantially change in the near future so until then, the only ones who win are the criminals,” Litan added.

In these anxious times, her concerns do little to assuage IT professionals.