Cyberthieves find workplace networks are easy pickings


Cyberthieves find workplace networks are easy pickings

By Byron Acohido, USA TODAY

It took only a modicum of skill for a cybergang to steal 94 million credit and debit card payment records from the TJX retail chain — and follow that up by hauling in 130 million records from credit card processor Heartland Payment Systems.

Court records reveal that those record-setting break-ins were almost too easy. Even more surprising: The thieves were able to take their sweet time extracting the data, in each case going undetected for more than a year.

What happened to TJX and Heartland was not unusual. And details unveiled in the prosecution of gang members involved in both thefts have shed fresh light on a business truism demanding more scrutiny: Workplace networks have turned out to be much more porous and difficult to defend than anyone ever anticipated.

Overly complex IT systems are producing endless opportunities for cyberthieves, who need only to master simple hacking techniques to get their hands on sensitive data. The result: Data breaches continue to plague companies, hospitals, universities and government agencies — any entity that collects data and conducts business on a digital network.

The vast majority of organizations routinely fail to take simple defensive measures, such as shoring up common website weaknesses or uniformly enforcing the use of strong passwords. "Networks have become a hodgepodge of components stitched together, creating security holes that can easily be taken advantage of," says Barmak Meftah, senior vice president at applications security firm Fortify Software.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: