Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Major companies, like Target, often fail to act on malware alerts

Jaikumar Vijayan | March 17, 2014
Companies that suffer major data breaches almost always portray themselves as victims of cutting edge attack techniques and tools. The reality, though, is often much more mundane.

The FireEye system could have been configured to automatically remove the threat, but apparently because the software was new and untested at Target, the feature wasn't activated.

Such incidents show why IT operations can't depend on technology alone to secure business networks, said Gartner analyst Avivah Litan. Companies also need strong security polices and processes for managing systems — and for dealing with alerts, she said.

"In this case, Target apparently fell short on process and policies — they had the technology piece down," Litan noted.

She added Target's response is typical for large organizations. "In fact, I have heard several times and from several sources that in the case of each large breach over the past few years, the alarms and alerts went off but no one paid attention to them."


Previous Page  1  2 

Sign up for MIS Asia eNewsletters.