Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected].
The fun and flurry of retail discounts during the high-volume holiday shopping season were marred last year by the much-publicized breach of customer data at popular retailer Target. By mid-December, the personal information and payment-method details of nearly 110 million individuals were compromised. As a result, Target’s most recent financial results showed:
–Net profit cut nearly in half from the previous year.
–A 5% revenue decline.
–A $61 million hit from known breach-related expenses.
–As-yet unknown costs related to potential claims and litigation from payment card networks, consumers and banks.
–Incalculable damage to the company brand.
The holidays are easily the worst time for any retailer to confront a crisis, and in Target’s case it was a perfect storm: the element of surprise, the massive amounts of data in Target’s network and the opportunity for significant damage to brand reputation contributed to the calamity. A retailer’s nightmare. A hacker’s dream.
Target’s hardly alone: Studies show that one to nine new malware attacks occur every second of every day. In 2012, the United States alone saw a 400% uptick in mobile malware, a 42% increase in targeted cyber attacks and a 300% rise in the number of data records compromised by a security breach. Such increases are expensive, and not just for Target.
Exorbitant costs
The reported cost of cyber crime in the United States varies widely, but conservative estimates put the figure at roughly $110 billion. Meanwhile, the costs for businesses that are victims of cyber attacks have risen an average of 78% over the past four years and the time to recover from a breach has increased 130% in the same timeframe. U.S. companies report spending an average of $10 million per year to clean up after a successful attack – and none of these costs include the cost of litigation or long-term brand erosion.
And then, of course, there’s the customer experience to consider.
The customer experience provides significant competitive advantages for service providers that do it well. Increased coverage of cyber attacks like the Target breach boost consumer awareness of security issues and the need for security tools that extend beyond basic PC malware. In today’s hyper-connected, hyper-competitive world, delivering consistently good experiences can make the difference between market growth and decline, between brand awareness and obscurity, between customer loyalty and defection.
Scaling the wall
Service providers recognize that they are as vunerable to attack as other organizations and often the weak links in any given network are by-products of a customer-centric strategy: Smart mobility, high data volumes, widespread apps use and extensible payments are all consumer favorites, but each comes with increased risk to sensitive information.
Add to which, business models continue to evolve to accommodate large ecosystems of product and service providers. Third-party vendors, cloud-based delivery and other components of the extended enterprise mean that customer data flows through a variety of tools and systems beyond the traditional walls of a provider’s network. More online transactions and more ways to process them offer incentives to cyber criminals. Worse, providers that hope to tap data to improve the customer experience – by boosting transaction speed or using feedback to improve service offerings – create valuable proprietary assets that become attractive cyber attack targets in their own right.
The continuously secure enterprise
The differentiated customer experience depends on trust. Trust that access and volume can be increased without jeopardizing personal data. Trust that attacks can be stopped and eradicated before sensitive information falls into dangerous hands. Trust that innovation can continue without putting critical information at risk.
To gain and maintain that trust, service providers must invest in the next phase of cyber defense: security orchestration and automation. Timely responses to attacks require the orchestration of complex systems, processes and personnel across all areas of an organization. In fact, research shows that U.S. companies could reduce costs spent on cyber crime by some 40%, given the ability to act on attack intelligence within 60 seconds of a breach. Achieving such levels of rapid response is now possible through the use of automation capabilities that support machine-speed action to contain and eradicate cyber threats.
Service providers the world over already implement a similar approach in the dynamic activation and orchestration tools that enable the automation of complex workflows to support their commercial and consumer offerings. Today’s service providers can tap the same underlying technologies to orchestrate and automate the real-time reconfiguration of enterprise security policies at various levels in their security architecture. This kind of unified approach creates a holistic threat-response capability that tightly couples the data and information from an entire ecosystem of partners and solutions to allow providers to combat cyber threats as if they deployed a single cohesive solution.
The gap between detection and response grows wider every day, and the speed, versatility and frequency of attacks have reduced the effectiveness of traditional threat responses. Controlled security automation and data orchestration technologies can reduce the current widespread dependence on manual intervention and passive defensive tools and reduce the window of attack exposure, all of which reduce risk to sensitive consumer data. Such solutions are essential to keeping complex large-scale systems and networks online and secure, which in turn provides peace of mind to clients and customers, strengthens the trust of the public and delivers exceptional customer experiences. Providers reap long-term gains in productivity, efficiencies and cost savings – gifts that keep on giving.
Selective security automation and real-time orchestration are driving the next big evolution in service provider cyber-security risk management and the next layer of exceptional customer service. The benefit? Priceless. Just ask Target.
Paul Nguyen specializes in governance, risk, compliance solutions, information management and information security strategy for global communications and systems integration organizations that have included KCG, Neohapsis, Deloitte, Symantec, BearingPoint and Telcordia. He is a well-known cyber-security expert and frequent contributor to media outlets such as CSPAN, ISC2, WashingtonExec, Government Executive, Federal Computer Week and Government Computer News. He has published numerous articles, white papers, and security assessments to the federal government and commercial clients.
