Dell CSO shares lesson from Target breach

There’s a lesson CISOs can learn from the infamous theft of tens of millions of pieces of customer information at international retailer Target Brands, but the head of Dell Inc.’s security says it’s not the one you think.

C-level executives who took the fall “weren’t fired because they got breached,” John McClurg, vice-president and CSO of the computer manufacturer, told a conference in Toronto on Thursday, “but because having spent shareholder money on possible solutions they didn’t leverage those to actually mitigate the damage.”

McClurg was a good friend of Target’s head of security and said the incident was “a painful experience.” CIO Beth Jacob resigned after the company learned 40 million credit and debit cards and 70 million records with personal information were lifted after attackers infected Target’s point of sale system.

Hackers got into the retailer’s system in November 2013 by going through the system of a ventilation contractor that had online access to Target, reportedly through a phishing attack.

A Target vice-president later told Congress that the intrusion was detected by its security systems, but the company’s security professionals didn’t act until notified of the breach by the U.S. Justice Department.

There are news reports that Target’s FireEye malware intrusion detection system and Symantec endpoint anti-virus software triggered alerts.

“Everybody’s being compromised these days; you don’t get fired for that,” McClurg told reporters after his presentation. “It’s how quickly did you detect it, how well were you enclaved so when you did detect it the damage was contained, how thoroughly and robustly was information they were after encrypted, and how quickly do you expel them, and how well did you leverage the incident into a stronger prowess?”

He was speaking at the annual conference of the Ontario Association of Community Care Access Centres, a not-for-profit member and technology shared services organization that supports Ontario’s 14 Community Care Access Centres (CCACs). The centres help provide home and community care.

McClurg has some experience with break-ins: About five years ago, shortly after he became vice-president of global security at Honeywell International, the FBI told him one of the conglomerate’s servers had been breached and was linked to a botmaster in China. Unlike Target, there were no warnings from internal systems.

That, he said, was part good news, part bad news.

The bad news was that a server was compromised on the eve of a sensitive negotiation with China and Honeywell competitors.

The good news was the FBI confirmed the worries of McClurg, who had been wondering why the company hadn’t been hit by an attack that other corporations were reporting.

He’d combed through log files sensing there must be evidence of something suspicious, but found nothing.

The call from the FBI gave him “a mixed feeling,” McClurg admitted to reporters. “On the one hand you liked validating what your gut’s telling you. Happy feeling. On the other hand, what does it really mean …”

He convinced company executives to leave the exploit for several months to gain information. Analysis showed the server had been compromised two years before; the attackers sat silent, likely waiting for information to help China in the product negotiations.

McClurg wouldn’t say if the attackers got any information.

The incident shows the importance of industry and government agencies working together to share security information, he said.

“Clearly in some instances we’re up against (state and criminal) adversaries who look like they’re better funded, better staffed.”

Also while talking to reporters, he said one of the biggest mistakes CSOs make is not fully understanding their environment and related risks. “Without understanding your environment you can’t properly interpret the signals coming in on what you should do,” he said. Security pros have to question whether risks are internal, external, human, and how threats potentially align with the organization’s vulnerabilities.

Howard Solomon