Businesses and IT Managers Examine Anti-Malware After Target’s Data Breach
As most of us are now aware, a massive number of Americans’ credit and debit card numbers were stolen late in 2013. What was first reported last week is the likely method the attackers used to gain access to Target’s systems. It seems likely that a fairly common password-stealing malware program delivered by email was the culprit. The malware was in an infected email opened by an employee of an HVAC contractor that Target used. The contractor had limited access to Target computer systems for billing and project management, a common practice for many retailers.
The full details are perhaps most interesting for security experts. But there is one flashing red light in Krebs’ article that should attract every IT manager and business lawyer’s attention. The HVAC company that was the ‘target’ of the attack was apparently using a free version of an anti-malware program to scan its computers. That free version was not created or licensed for use on business systems and should not have been the primary line of defense against malware. But I expect that the managers of this Pennsylvania HVAC company and its IT people never considered that they would be attacked by sophisticated cyber-criminals hunting for credit card numbers. Why should they? They are a commercial HVAC contractor with no access to large amounts of consumer data. Unfortunately, they are now in the spotlight of national news for all the wrong reasons. This shows that in today’s interconnected world, every business is a target.
Ultimately, it will likely be determined that there is plenty of blame to go around. The lesson here is that every business, no matter how big or small, should ask its IT department or contractors, “Are you using the appropriate, up-to-date, fully licensed business versions of all of the scanning software necessary to detect viruses and malware on our systems?” Managers should also ask which programs and versions are in use and make sure they are appropriate for the business. Then, ask the same question again, regularly.
Attorney Jack Gross is a business attorney, counseling large and small companies in a wide range of industries.