For some companies, hacking brings opportunity
Boston Business Journal
Cyber security a ‘huge opportunity’ for local IT
When hackers stole the credit card information of 1.5 million MasterCard and Visa holders last week, customers saw a huge headache.
Data security companies, however, see opportunity.
Executives at Brookline-based data security company K logix, for one, expect huge growth as companies scramble to bulk up their ability to keep hackers from stealing valuable corporate information. K logix has 10 employees but expects to hire at least six more this year, and sees 2012 revenue up about 43 percent to $20 million.
“The average organization spends 3.2 percent of revenue on information technology in general,” said K logix Chief Operating Officer Kevin Pouche. “Of that, they only spend 5 percent on data security. In most instances, that’s just far too little. It’s a billion-dollar organization. Out of that 3.2 percent, I see data security taking up at least half of that over the next few years.”
Pouche said no company will ever be able to completely shield itself from hackers, but there are ways to tighten the barriers. K logix, whose customers include John Hancock, Children’s Hospital Boston and Xerox, assesses each company and tries to cut down on vulnerabilities.
“Cyber security represents a huge opportunity for Massachusetts and New England to reinvigorate the IT sector,” said Bill Guenther, CEO of Boston-based Mass Insight Global Partnerships, which has launched the Advanced Cyber Security Center. The ACSC, based at the MITRE Corp. campus in Bedford, joins university, industrial and research resources to develop ways to protect infrastructure from outside attacks.
“As our colleagues at the Boston Federal Reserve say, defense is a team sport,” Guenther added. “Companies and organizations need to share information about evidence of attacks and best practices in defending against attacks, and that will shape the next generation of more effective products and services.”
Last week’s breach is the first major instance this year of consumer information put at risk by technological flaws or hacking. Last June, Citigroup said computer hackers breached the bank’s network and accessed data of about 360,000 credit card accounts. Hackers attacked Sony last year and accessed the personal information on 77 million PlayStation Network and Qriocity accounts. Google also had a major attack on its Gmail accounts in 2011 that it said appeared to originate in China.
“It’s indicative of what we can expect to see going forward,” said cyber insurance attorney Rick Bortnick at Cozen O’Connor in Philadelphia. “It exemplifies why companies need to be more vigilant. It’s particularly of value to insurance. It’s a cottage industry that will only get bigger and bigger as people who know about it come to realize it’s not a passing fancy or phenomenon. It’s ubiquitous and will continue to grow in magnitude. Simply stated, it’s impossible to prevent a hack by somebody who absolutely knows what they’re doing and wants to get in.”
The theft of credit-card numbers exposes Visa, MasterCard, American Express and Discover cardholders to fraud. Thieves can take the account number and expiration date of a card and create a magnetic strip for a fake card, using it to make online purchases. The attempt could be thwarted if an online merchant asks for a CVV code, or the three to four digits printed on the back of the card. Customers are typically not responsible for fraudulent purchases.
The issue stemmed from a third-party vendor, Global Payments, and not the credit card company’s own internal systems. Visa has now dropped Global Payments from its list of approved service providers.
Global Payments is one of dozens of companies that operate along the payment-processing chain, between the time a person swipes a card to pay and the time the payment is delivered. Customers aren’t typically liable for the fraud, leaving the card issuer with the loss.
“It comes down to privileged access. A single user can do a lot of damage,” said Mark Diodati, cyber security analyst at Gartner in Chicago. “It’s how you monitor privileged users and make sure they are who they say they are before you let them in the system.”