One of the latest high-profile data breaches to hit the news involved big-box retail chain Target, which has nearly 1,800 locations in the United States and more than 100 in Canada. An estimated 40 million payment card numbers belonging to the big-name retailer’s customers were breached over a time period that began the day before Thanksgiving and spanned several of the busiest shopping weeks of the year before the issue was finally identified on Dec. 15.
As far as hacking goes, the media and the public enter at a late point in the cycle – i.e. after a breach has A) occurred and B) been discovered. After identifying a breach, the affected firm launches into a flurry of activity that entails making sure all of the hackers’ entryways have been closed off, assessing the scale of the damage, informing customers and determining next steps, which involve everything from offering special discount prices to win back business (as Target did) to shoring up security protections to safeguard against future attacks.
Preventing breaches in the first place
Of course, none of this would be necessary if organizations were able to head off hackers at the pass, rather than scrambling to minimize the fallout after a breach occurs. Sometimes, the people behind cyberattacks are able to compromise data by coming up with ingenious ways to sidestep a company’s current security infrastructure, however robust the firm believes these protections to be. In other cases, though, the “O” in “CEO” may as well stand for “ostrich,” because some executives bury their heads in the sand and refuse to accept the fact that their firms may be at risk.
“Don’t kid yourself; every company is a target,” wrote Ron LaPedis, Workforce Continuity Strategist for SunGard Availability Services, in a recent piece for ForbesBrandVoice. “Only the ‘why’ differs from company to company.”
According to LaPedis, hackers may be motivated by any number of goals ranging from the political (activist groups with axes to grind or foreign entities eager to steal secrets) to the petty (competitors who want to steal customers or money-grabbing individuals chomping at the bit to fill their coffers with your hard-earned profits). LaPedis advised that CEOs unsure of the most likely motivation for attacking their companies should take a look at their firms and determine why somebody would want to come after them.
But the self-reflection doesn’t end there. “You need to do the same thing with your data,” LaPedis urged – and if you’re not sure where to start, consider asking the following questions about the information your business collects, uses and stores:
- Is it personally identifiable (e.g. the PIN details associated with Target customers)?
- Is it confidential (such as technical schematics)?
- Does it pertain to future projects (prototypes of future ventures, for instance)?
Once you’ve determined the different kinds of information at risk, the next step is to figure out where this data is physically located, as well as the channels through which it can be accessed. In the offices of yore, answering these types of questions would be a lot easier, as data tended to be stored on a server and only accessible through computers on the company’s network. In an age of smartphones, tablets, telecommuting and cloud computing, however, access points are considerably more numerous and varied.
Going forward, CEOs and other members of the C-suite should be proactive rather than reactive when it comes to data protection. Determining why cyberattackers would want to target your firm, what type of information they’re hoping to obtain and where they will find it can go a long way.
About Caldwell Partners
Caldwell Partners is a leading international provider of executive search and has been for more than 40 years. As one of the world’s most trusted advisors in executive search, the firm has a sterling reputation built on successful searches for boards, chief and senior executives, and selected functional experts. With offices and partners across North America and in London, the firm takes pride in delivering an unmatched level of service and expertise to its clients.