As Bloomberg Business reported, “In the days prior to Thanksgiving 2013, someone installed malware in Target’s security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores. At the critical moment—when the Christmas gifts had been scanned and bagged and the cashier asked for a swipe—the malware would step in, capture the shopper’s credit card number, and store it on a Target server commandeered by the hackers.
“Target stood by as 40 million credit card numbers—and 70 million addresses, phone numbers, and other pieces of personal information—gushed out of its mainframes.”
Dr. Barbara Rembiesa, CEO of the International Association of Information Technology Asset Managers, says companies may not have learned the harsh lessons from the Target data breach. She says, “Though that high-profile case set off a $70 billion “IT security” spending wave among major companies hoping to avoid similar catastrophes, 2014 has so far seen more customer data stolen than in any previous year.”
She’s especially harsh on what corporations are doing. “The Target debacle triggered an 8 percent increase in spending on ‘IT security’ but did very little to slow down the tide of major data breaches. The reality is that companies that have taken these steps are treating the symptoms but not the underlying problems. By focusing only on narrowly focused and superficial IT security ‘solutions,’ companies are putting the cart before the horse and they’re going nowhere.”
She added: “When you look closely at the biggest data breaches of 2014, even the best IT security solutions alone could never prevent them. This has been the biggest ignored lesson of the year. If companies are to stop these attacks in 2015, they must first recognize that the true source of nearly all major breaches are more foundational and stem from nonexistent or inadequate IT Asset Management procedures.”
Rembiesa said companies need to follow IT Asset Management principles to protect themselves. Among them: