The issue of enterprise security came into stark focus late last year with the revelation that retail giant Target's internal system had been breached via a point-of-sale (POS) attack. For more than 100 million people, this meant the exposure of personal information. For the store, the attack led to decreased business, government investigations and many unanswered questions. To help answer some of those inquiries and also pave the road for smoother enterprise security in the future, a U.S. Senate committee convened recently to address the issue, where they heard from both breached companies like Target and preventive experts like Entrust.
Chaired by Senator John D. Rockefeller IV, the U.S. Senate Committee on Commerce, Science and Transportation took March 26 to focus a special hearing on the issue of cyberattacks that threaten enterprises and have the potential to derail certain business operations if not kept in check.
The hearing — called "Protecting Personal Consumer Information from Cyber Attacks and Data Breaches" — was organized not only due to the Target breach, but because such attacks have not been limited to retailers like Target and Neiman Marcus, targeting apps like Snapchat and educational institutions like The University of Maryland. Rockefeller's opening testimony acknowledged that today's business landscape is one in which malicious incursions are unavoidable, and companies should therefore take proactive steps to defend the identity of their customers. "It is increasingly frustrating to me that organizations are resisting the need to invest in their security systems," he said, adding that protective security measures are vital for businesses of all sizes.
Any store that does not take the most stringent authentication measures to guard their patrons' identities will be subject to significant scrutiny. The difference between Target and the average breach, though, is that the retailer's attack impacted more than one-third of the country — meaning that renewal of customer trust will truly be hard-earned. Speaking before the committee, Target Chief Financial Officer John Mulligan admitted his business still has a long road ahead as far as restoring customer faith. "Our guests expect more, and we are working hard to do better," he said. "We know this has shaken their confidence, and we intend to earn it back." But Target did not come into the meeting in particularly good standing. The day before the hearing, the Commerce, Science and Transportation Committee put out a report that argued that Target had several chances to prevent the attack that ended up costing them so much money and trust, Reuters reported. And in the leadup to Mulligan's testimony, committee chair John D. Rockefeller IV voiced the committee's majority opinion when he warned that, "Target is going to tell us today that they take data security very seriously … but the fact remains, it wasn't enough" to prevent the breach.
Despite these less-than-favorable comments, though, Mulligan tried to sway the committee by both acknowledging his company's errors and promising that it is making every effort to rectify the situation, including improving customer security by enacting a two-factor authentication system. "This is about double locking the door," Mulligan said.
In any situation where security is compromised, it helps to hear from experts whose job it is to make sure businesses have a strong authentication infrastructure in place. At the Senate hearing, that expert was Entrust's president David Wagner, who got up to talk about the enterprise security considerations that must go into defending customer identity.
According to Wagner, situations involving the compromising of personal information have gotten worse over the past few years. This decline in individual security necessitates action on the part of all enterprises, Wagner said. Because malware attacks are an inevitability in an increasingly cyber-based world, Wagner pointed out that this action should boil down to placing strong identity safeguarding measures in front of a company's internal infrastructure. One way this can happen is through the implementation of a two-factor authentication system. In this regard, Target seems to be on the right track to preventing a future breach. "Although attackers are knowledgeable and persistent, there are ways to reduce the likelihood of a successful attack and mitigate damages," he said. "It is commonly understood that security in layers and defense in depth help combat attacks."