Repositories of important consumer information present targets for attackers, making an involved data loss prevention strategy vital. Small or large, nearly any company can provide hackers with a generous payday if data security measures break down, meaning that any firm in any sector could find itself under attack.
The most recent large-scale example of data being lost on a massive scale came from a company with little name recognition but a large store of customer data ready to be exploited.
Global Payments, a credit card payment processor, recently found its customer database compromised by hackers. It was initially believed that hundreds of thousands of cardholders from many major companies may have had confidential records exposed, but further developments have proven the breach is worse than predicted. The latest reports have stated that the number of breached records may be 1.5 million.
“It is crucial to understand that this incident does not involve our merchants or their relationships with their customers," said Global Payments CEO Paul Garcia. He also emphasized that it was his company's first time suffering a breach.
Credit card information presents a tempting target for attackers, because of its immediate value. Companies processing transactions, which are a formidable section of the retail market in the age of ecommerce and multichannel retail, need to be sure of PCI compliance and look into advanced security strategies. Customer trust can be intimately tied to a company's ability to safeguard customer information.
The aftermath of a major data breach can be very painful for an affected company. ZDNet described Global Payments as "in ruins," with the company likely to need its $300 to $400 million cash reserves to make up for the breach. The news source gathered statements from a number of top market analysts to determine paths forward that the firm could take.
Security firm product management director Matt Ulery said, according to ZDNet, that the breach demonstrates the importance of the PCI standards but underlines that the bare minimum of PCI compliance might not be enough. Companies, he said, should seek out ways to maximize their security, using PCI targets as a baseline rather than a final goal. The source also reported a statement from monitoring software CEO Mike Potts, who used the attack as proof that simply employing perimeter-based security is not enough to effectively contain breaches.