
Credit card data breach costs CIOs big time despite hacker profit

Who profits from a credit card data breach? It doesn't matter. It will cost CIOs and their companies big time. Also in this week's Searchlight: Amazon smartphone announcement, Netflix plea to FCC and more.

The topic of data breaches comes up frequently in Friday Searchlight columns -- and for good reason: They are costing companies a lot of dollars and costing CIOs their jobs.

Look no further than those two massive payment card breach victims -- Target and Neiman Marcus. "The Target breach has already cost the CEO and CIO their jobs and the financial costs may reach as much as $18 billion once all is said and done," explains Wade Williamson, Shape Security senior threat researcher and Forbes contributor. In Neiman Marcus's case, Michael R. Kingston still stands strong in his CIO role, but the company created a new-to-them position in the C-suite: chief information security officer (CISO). Target has also hopped on the CISO bandwagon, appointing GM chief information security and IT risk officer Brad Maiorino as its first.

Aside from the C-suite shake-ups, the financial damage has been well-documented. Between card replacements, credit card monitoring for victims, lost business, declining stock prices, fines and lawsuits, it costs companies like Target and Neiman Marcus an average of $188 per compromised record, according to a Ponemon Institute study published in 2013.

Less known -- and possibly instructive for CIOs and CISOs -- is how this stolen data is monetized after the breach. In his piece in this week's Forbes, "The Underground Economy of Data Breaches," Williamson explains that unlike the financial toll on companies, which is exacted at the time of the breach, the profit to the hackers dwindles over time: it depends on how well they can navigate the nether regions of organized crime rings -- and how quickly they can monetize the stolen data. This sensitive information has a shelf life.


However -- and here is the scary part for CIOs and CISOs -- as breaches are publicized and the value to criminals sensationalized in the media, your everyday hacker is now convinced he or she can make a killing on this data, according to Williamson. "Unfortunately, more and more opportunistic criminals enter the market, card breaches could begin to look less like an Ocean’s 11 style of heist and more like opportunistic vandals who are willing to burn down your home in order to steal the copper plumbing inside."

Burn down your house for the copper plumbing inside! It's an interesting read and, yes, it comes with a moral for CIOs. No matter how little a hapless hacker profits from the breach of your systems, it will cost your company big time. Next week on CIO, you'll be hearing more about how to protect against a data breach in the Internet of Things era. Meanwhile, an observation: Design your systems for an attack, because your systems will be breached.

  • Big news on the consumer side of things: Amazon has introduced its long-awaited Fire phone. The new device features audio- and image-recognition for Amazon's online store, 3-D viewing, unlimited storage for photos and a year of free membership to its Prime fast-shipping program. Plus, interesting design crimes. Will Fire be in your back pocket?
  • In net neutrality news, the debate over the FCC's new proposal to dissolve current Internet rules continues, but an interesting new spin emerges. Netflix is asking the FCC to intervene in its dealings with ISPs like Comcast and Verizon, claiming the ISPs were intentionally letting their connections deteriorate to force Netflix to pay up for better service.
  • The Global Post is calling the recent Domino's Pizza breach in France and Belgium "the world's lamest cyberattack." Hackers accessed phone numbers, delivery instructions, email addresses and customers' favorite pizza toppings.
  • In lighter news -- well, sort of -- this robot might look friendly but it is programmed to do a serious job. Bob, a security robot developed by a team at the UK's University of Birmingham, scans surroundings using 3D sensors and logs whether anything has changed since the last scan.
  • With the World Cup in full swing, many are celebrating -- or drowning sorrows -- with good ole fashioned alcohol. The Vessyl 'smart cup' from Mark One not only recognizes how many servings you've had, but can analyze alcohol content and tell you when it might be a good idea to stop drinking.

Previously in Searchlight: "XSS vulnerability unmasks stale Web security" and "What it takes to be a CIO." Let us know what you think about the story; email Emily McLaughlin, associate site editor.
