The comments below respond to news that the proposed $19 million data breach settlement between Target and MasterCard has been voided after the agreement failed to attract support from 90 percent of the banks affected by the breach.
Brad Taylor, CEO, Proficio (www.proficio.com):
“We are seeing that the massive and rampant increases in breaches in the retail sector over the past 12 months are highlighting the major difference between being compliant and being secure. Executives are realizing one does not equal the other. All the breached retailers of the past year were compliant and still got breached.
A new paradigm for security monitoring, investigation, and immediate response is needed for detecting advanced multi-tiered attacks and blocking at some point in the kill chain before a breach occurs.
Partnering with a Security Operations Center (SOC)-as-a-Service company focused on threat prevention that can integrate into your operations process may be the answer for many retailers.”
Tim Erlin, director of IT security and risk strategy for Tripwire (www.tripwire.com):
“Unpredictable costs are very difficult for businesses to plan around. Organizations generally try to quantify the cost of a breach, and variables like lawsuits introduce instability and uncertainty into the planning process. These variables can have trickle-down repercussions that are also hard to predict.”
Richard Blech, CEO, Secure Channels (www.securechannels.com):
“The aftermath of treating security as an afterthought is exploding. Everyone is damaged by breaching sensitive data. While the banks, MasterCard and Target are arguing at an enterprise level, it is easy to forget the real loser of breaches – the consumers.
Customers end up paying for the payouts for the lawsuits, upgrades in security and covering the loss made by the breaches. These large enterprises end up charging customers more to compensate for their products, services, lawyers’ fees, public relations debacles and advertising that goes into a company trying to recoup from the breach themselves. Or the company could simply deeply encrypt their sensitive data and all this would never happen.
Companies like Target need to invest in cyber security to protect consumer data rather than create all this cost to pass down to the consumer. The best way to make money is to stop losing it in the first place.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.