The Target data breach keeps coming up in the headlines and I have a few thoughts I would like to share on that subject. Publicly, the breach has been blamed on an HVAC company. I’m here to tell you, if the login for an HVAC subcontractor was able to access the information that was obtained, the fault for this breach still solidly belongs with Target and their network management team.
This incident brings up a lot of important issues to consider and lessons to learn. If your employees have access to the networks of clients, vendors or other partners, or if you allow others to access your network, we should all be asking ourselves the following questions:
Is this access still necessary?
Do we routinely review this access, and disable it when it is no longer needed?
Do we have sufficient policies in place to govern the use of this access and any data that may be obtained, both intentionally and unintentionally?
Are both parties taking proper precautions to ensure the access is properly secure and protected?
Do both parties have a written agreement regarding this access, addressing all of these issues?
Have you conducted a recent audit of your security policies, in conjunction with your IT provider? I’m sure that HVAC contractor wishes they had – and even though the real fault probably lies somewhere else, will that company survive this incident? Doubtful.
Another important issue raised is a new term you’ll start hearing, the “Internet of Things” or “Internet of Everything”. We’ve reached the point where most people are “connected” via computers, cell phones and tablets; we almost can’t unplug. The next revolution is connecting “things” to the Internet. As wireless access becomes more prevalent, and costs to connect continue to fall, sensors will be installed in all types of devices, from HVAC systems to refrigerators, exercise equipment, shelves & cupboards, and doors to potting soil and even individual product packaging.
Sensors can track location and behavior and even provide situational awareness, allowing machines to make analytical decisions. Imagine getting a text that the mayo has been outside the refrigerator for 30 minutes! Gartner estimates there will be over 26 billion “things” connected to the Internet in the next 6 years, far more than the 7.3 billion PCs, Smartphones and Tablets estimated for 2020. Of course, there are many convenience, safety & security applications for this technology – but how else will this level of connectivity affect our lives? I guess we’ll see!