New Threats Emerge in a Wired World

As near as they can figure, the data breach occurred in July 2005. It's hard to pinpoint a date because they didn't discover that intruders had slipped through a gap in their network security until December 2006. And by that time, it was too late. With 18 months to pillage undetected, digital thieves made off with 45.6 million credit and debit card numbers stored in the data systems of TJX Companies, Inc., the retail parent of several well-known chains, including T.J. Maxx, HomeGoods, and Marshalls.

For the most part, TJX has remained tightlipped about what appears to be the largest known theft of personal data in history (so far). Some details surfaced through company filings with the U.S. Securities and Exchange Commission. Notably, that no personal information was compromised after Dec. 18, 2006 when TJX identified the data breach and that the company acknowledges it still does not know precisely the extent of the personal data accessed by the intruders.

TJX shares trade on the New York Stock Exchange and the company reports monthly sales revenue in the billions of dollars. That a company of such size could thwart digital intruders isn't surprising, but that the breach went undetected for a year and a half and that the full extent of the theft remains unknown should scare any business leader witless.

Threats Lurk in Every Corner of Your Network
Most businesses today have not only racks of servers processing and storing data as at TJX, but also computers on every desk, distributed applications, Web-based applications such as content management and e-commerce, and cadres of vendors, customers, and employees connected beyond the office walls. The driver for all this wiring up is the seductive allure of a networked organization: automated processes, collaboration across distance and time, and customers and partners empowered in innovative ways. Some organizations even owe their very existence to opportunities inconceivable in an unwired world—Google and eBay to name just two. Yet the undeniable potential of this ubiquitous connectivity can also endanger your organization by compromising customer information, hobbling critical applications, or incapacitating something else vital to your business operations or reputation.

When an intruder breaches your security measures, your business can be crippled. However, the cost of guarding against those threats can be just as debilitating, paralyzing your organization by devouring valuable resources. A security strategy must be effective and affordable.

As TJX management learned the hard way—diagnosis is the first step toward cure: as a business leader, it's crucial that you understand the security risks looming for your client operating systems, application servers, and customer and employee interactions at the edge of your network.

There's no shortage of threats lurking. We're beyond the era of warning your workforce against opening foreign email attachments acting as a substitute for a viable security policy. Today's threats are myriad, from the emergent danger posed by spyware, bots, zero-days, and rootkits to the familiar peril of viruses, worms, and Trojans.

Target Number One: U.S.
Though the predators are increasingly diverse in their methods, the prey remains static. The number one target has been and continues to be the U.S. online population. By some accounts, nearly 30 percent of all malicious Internet activity occurs in the U.S.

Drilling down to specific types of threats, America ranked number one in the malicious code, spam zombies, command-and-control servers, phising, and overall attack categories. China did break the U.S. hammerlock on number one to lead the bot rankings, but China's second-ranked percentage of overall attacks is a paltry 10 percent. The U.S. is the prime target and that puts U.S. businesses in the crosshairs.