I shop at Home Depot fairly often. In fact, I dropped by today for some things and I didn’t even give a passing thought to the recent unwanted attention the retail chain has received. Yes, in case you haven’t heard, on September 8th Home Depot confirmed a massive security breach, almost a week after credit card data linked to its customers went up for sale on a well-known black market website. The company is estimating that as many as 56 million credit cards may be at risk – more than the 40 million exposed during the Target credit card breach at the end of 2013.
Nothing really changed for me; it was business as usual in a world where the threat of cyber warfare is a perpetual reality. Besides, I figure that a company is never stronger and more secure than after such a major cyber attack. And I always keep an eye out for strange or unexpected charges on my credit card.
Major retail security attacks are getting so common place nowadays that it doesn’t even phase us anymore. We don’t even hear of all the smaller ones that happen. Now your guess is as good as mine as to why Home Depot – a chain with 2,266 stores and $79 billion in annual revenue – didn’t take more precautions to prevent this recent debacle. And it’s not like they weren’t warned. Bloomberg News points out that according to internal company emails and reports, Home Depot suffered two smaller hacks a year ago, after which security contractors urged the company to strengthen its cyberdefenses by activating a key, unused feature of its security software. This software security key would have added a layer of protection to the retail terminals where customers swipe their cards. Well, unfortunately the retail giant didn’t follow through on the advice, and the rest is history.
One of the biggest lesson that Home Depot, Target, and other major retail hacks teach us is that NO one is invincible. If the big boys are getting nailed, what does this mean for the smaller guys? Every business no matter what size must take extreme precautions to guard against cyber threats.
Technology has accelerated at such a rapid pace in recent years. It has dramatically transformed the way we live, work, and socialize with others. And while it has given us previously unforeseen benefits, technology has also made it easier than ever for bad guys to exploit unwitting people and organizations. Unfortunately, and this should come as no surprise, the black market for hackers is increasingly sophisticated, specialized, and maturing.
This all spells trouble for businesses that don’t take the trouble to implement a cybersecurity strategy to protect their networks, infrastructure, and other data assets from attack. Small businesses, with less resources and less awareness, are especially vulnerable to increasingly sophisticated methods of infiltration. The consequences of this could be irrevocable, and range from lost customers, brand damage, increased expenses, and lost revenue.
Cybersecurity often doesn’t get the attention it deserves within small businesses. According to a 2012 joint study by security firm Symantec and the National Cyber Security Alliance (NCSA), 83% of small businesses do not have a formal cyber security plan, and 69% are without even an informal plan. Like most accidents and misfortunes the assumption often is that “it only happens to the other guy.”
The takeaways here are clear: If a retail giant like Home Depot could experience such an epic security breach, then small businesses must do everything in their power to protect, prevent, and defend against security breaches by adopting clear cybersecurity strategies. A security breach can and will happen to your organization if you don’t take proper precautions; it’s only a matter of time! If your organization doesn’t have a security plan in place then it needs to implement one immediately.