A generic background image tangentially related to the post

Target breach fallout highlights importance of comprehensive malware removal

Eric Tabor  |  April 3, 2014

Share: Share on FacebookTweet about this on TwitterShare on LinkedInGoogle+

Without proactive malware removal, organizations are putting themselves at serious risk. Recent developments in the Target data breach saga highlight the direct costs that can result from a lax approach to eliminating malware. As more details emerge about the hack, which resulted in the compromise of 40 million credit card numbers and 70 million pieces of personal information, it's become evident that the embattled retailer likely could have prevented the attack if it had a stronger, more comprehensive approach to malware removal.

The latest development, per Bloomberg Businessweek, is the discovery that Target was actually warned about the vulnerability that led to the breach through a malware detection tool. The $1.6 million technology monitored Target servers and computers around the clock, looking for anything amiss. The alert system worked the way it was supposed to, according to FireEye, the malware detection tool's producer, and the Bangalore-based security specialists in charge of scanning the retailer's network. They notified Target's Minneapolis-based security team according to procedure, who ended up not doing anything about it.

Of course, hindsight is 20/20, but it's worth pointing out that malware detection is only half of the battle. Malware removal requires organizations to be proactive. Whether Target's security team didn't recognize the severity of the vulnerability and the need for swift action is undetermined, but it's important to remember that cyberthreats don't wait. In an interview with NPR, Businessweek's Michael Riley said that Target's reactionary or indecisive approach was unable to keep the hacking attempt at bay.

"Whatever was going on inside Target's security team, they didn't recognize this as a serious breach," Riley told NPR. "There was no serious investigation that went on. They didn't go to the server itself to figure out what the malware was doing."

Insulating organizations against attacks and identifying malware are difficult tasks that require constant vigilance. A company unsure of whether it can provide this level of attention should strongly consider adopting a third-party malware removal service that can neutralize threats in a preventative fashion.

The following two tabs change content below.

Eric Tabor

Chief of Staff | Vice President- Strategy & Operations at ISG Technology
Eric joined ISG Technology in 2012 bringing with him experience from ISG’s parent company, Twin Valley Telephone, Inc. He is a member of the Twin Valley senior management team that managed the company’s organic and acquisition growth strategies resulting in the company tripling in size from 2005-2010. Prior to joining Twin Valley he held sales and operations leadership roles at Southwestern Bell/SBC in multiple Midwest locations. He holds a B.A. in Mass Media and Communications from Washburn University. Eric currently resides in Olathe, KS with his wife and their two children.
About

Eric joined ISG Technology in 2012 bringing with him experience from ISG’s parent company, Twin Valley Telephone, Inc. He is a member of the Twin Valley senior management team that managed the company’s organic and acquisition growth strategies resulting in the company tripling in size from 2005-2010. Prior to joining Twin Valley he held sales and operations leadership roles at Southwestern Bell/SBC in multiple Midwest locations. He holds a B.A. in Mass Media and Communications from Washburn University. Eric currently resides in Olathe, KS with his wife and their two children.

Posted in Blog, Professional Services, Security Tagged with: ,
Menu