Enterprise security is not a one-size-fits-all type of thing. The bigger the company, the more security is needed. A massive company with retail outlets around the country, for instance, will have a much larger IT department than your local neighborhood grocer. But there are certain security considerations that are absolutely integral to businesses of any size. These include a robust authentication strategy as well as physical and logical access. Without these types of proven solutions, companies not only risk failing to comply with industry or government standards, but also risk falling victim to an attack that could cripple business. As the ongoing fallout of a breach on major retailer Michael’s illustrates, these attacks can happen to any type of operation.
First Reported Months Ago, the Large Scale of Michael’s Breach is Now Known
No company ever wants to be in the crosshairs of a cybercriminal. Not only does an attack have the capacity to send an enterprise into the red, but it also puts the company in a situation where it can very quickly fall out of public favor.
In the wake of the much-publicized Target breach, for instance, profits at the store dropped 46 percent, according to The Wall Street Journal. This steep decline was largely attributable to a general sense of mistrust among its customers. Despite the store’s efforts to reach out to its clientele and affirm its commitment to security, nothing could erase the fact that it had been breached.
Recovery from a major attack is by no means a quick process, and fully restoring a company’s reputation may be outright impossible. This is a lesson that Michael’s will have to learn the hard way.
Back in January, influential security expert Brian Krebs – the man responsible for first reporting the Target attack – found evidence of a breach at Michael’s, a large arts and crafts outlet with 1,250 locations nationwide. At the time, the store appeared reluctant to engage with Krebs’ claims, arguing that “in light of the widely-reported criminal efforts to penetrate the data systems of U.S. retailers” – this was around the time when the Target debacle was in full swing – “Michaels believes it is appropriate to let its customers know a potential issue may have occurred.” But time and a large scale investigation has revealed that a malicious incursion did, in fact, happen, and that its impact is widespread.
Millions of Customers Learn Their Credit Card Data Has Been Exposed
A recent public announcement from Michael’s has shed light on the large scale of the attack and the potentially devastating security risks it poses to customers. The store said that the incursion resulted in the theft of credit card information for potentially 2.6 million customers, making this one of the larger breaches in recent memory. But just as distressing as the number of cards hacked is the revelation that the breach went on for more than eight months, from May 2013 to almost the end of January 2014. That the breach happened for two thirds of a year points to the ease of access that cybercriminals enjoy to company platforms that are not well guarded. Fortunately, there are measures organizations can take to guard their enterprise identity. One key element of enterprise security is the implementation of a two-factor authentication strategy, which provides an additional safeguarding wall against third party attackers. A message from Michael’s CEO Chuck Rubin suggests that the company is potentially making efforts to heed this advice. “Michaels is committed to working with all appropriate parties to improve the security of payment card transactions for all consumers,” he said.