As more chief information officers implement innovations such as cloud computing and mobile solutions throughout their companies’ information technology functions, these tools become increasingly mainstream. However, one practice that does not seem to be catching on, even among some of the largest of corporations, are those concerning data protection.
Some information technology professionals may take cautionary tales about defending their businesses’ sensitive information lightly. That said, IT executives really should not skimp on the solutions and strategies employed to prevent virtual security breaches.
One thing that skeptical professionals should keep in mind is the easy accessibility that technologies like cloud-based programs and mobile applications have to offer. There is a reason that CIOs have decided to incorporate these advancements into their operations in the first place. Not only do they boast features that help them run their businesses, but the functions themselves are available nearly anywhere in the world. This remote access is often seen as a selling point for these solutions, though IT departments should consider just how much easier these tools are also making it for hackers to get their hands on confidential data.
Major corporation experiences security breach
If CIOs are in need of some concrete evidence, then they should look no further than the controversy surrounding Target’s data breach.
According to USA Today, this major American retailer was recently subject to a cyberattack. Hackers gained access to a wealth of information about Target shoppers, taking data pertaining to approximately 40 million credit and debit card accounts belonging to customers who had made purchases at the store from Nov. 27 to Dec. 15, 2013.
The fallout from this occurrence is significant for both consumers and Target.
First of all, customers’ credit card account information has reportedly been for sale on the black market. These cards are being sold as packaged deals, These bulk items of about one million cards are available to purchase, priced at anywhere from $20 to more than $100 per card.
While this obviously presents a dilemma for shoppers who have had their confidential account information seized, the prominent retailer is now facing its own mess to clean up. So far, there are three class actions filed against Target, seeking a total of more than $5 million in damages.
Additionally, the attorneys general of Massachusetts, Connecticut, New York and South Dakota are putting pressure on the corporation. They are launching an investigation in the breach, which may end up being a collaborative initiative between states, and they are requesting that Target provides them with information about the incident.
Learn from other CIOs’ mistakes
In light of this incident, CIOs should take away a valuable lesson. Even though sophisticated solutions have the potential to completely overhaul their businesses’ operations, it has to be outfitted with the right security measures. This means going above and beyond the traditional means of data protection so that IT executives can ensure that their customers’ information, in addition to their own, is out of the reach of cyberthieves.
InformationWeek explained that although firewalls and intrusion detection programs are a solid base for data security, tech professionals are going to have to put some more effort into defending their data. In the past, these more traditional tools were adequate in securing sensitive information and making sure that hackers were less apt to access any data. However, the more advanced that technological systems become, such as those available through the cloud, and the wiser cyberthieves get, the less effective these basic measures are going to be.
For this reason, CIOs should up the ante when it comes to their data protection solutions. The news source advised that IT executives take a layered approach in terms of their programs, which will present hackers with numerous hurdles before they are able to access confidential company information. If tech professionals do not think they have the resources to do this to all of their systems, then they should at least target areas that contain particularly sensitive information and ensure that those are secure.