Many in the security field have been following the story of the Global Payments breach this week. First reported by Brian Krebs on his award winning security blog, he has continued to follow the story as more details have been uncovered day by day. As many outlets reported, due to the breach, Visa removed Global Payments from its list of preferred vendors. Global Payments can still process transactions, but at a significantly higher fee. The company’s stock dropped 9% the day of the breach before trading was halted, and has continued to drop after trading resumed on Monday. It is also expected that Global Payments will have to dip into its cash reserves of $300-400 million to cover the loss associated with the breach.
The negative financial blows to Global Payments noted above highlight the significant impact a security breach can have on a company today. Gone are the days when security vendors warned of the potential impact a nefarious hacker might have on your network, hoping to play the fear card in order to gain a sale. The threats from multinational criminal and state sponsored hacker groups is now very real, and these threats can inflict significant financial and public relations damage to your organization. With the spate of attacks and breaches that have been covered in the last year, security is finally starting to be a topic focused on in the executive suite, with many leaders struggling to determine how to communicate the state of security effectively.
Global Payments issued a statement on the breach, which included the following statement from their CEO: “It is reassuring that our security processes detected an intrusion.” However, in Krebs latest update to the story, he notes that the New York Times reported that Global Payments was breached in early 2011. One of Krebs hacker sources also shared similar information, saying “the company’s <Global Payments> network was under full criminal control from that time until March 26, 2012.” Global Payments stock has been negatively affected, their fees to do business with Visa have significantly increased, and they have a large payout from their cash reserves looming to both Visa and MasterCard to cover the card holder losses because of this breach . In light of those facts, it is surprising to hear their CEO is reassured they discovered the intrusion after the fact.
Breaches like Global Payments, as well as the numerous events that were highlighted in 2011, show that the reactionary approach that has been taken within the security world is not adequate to protect companies from the negative financial impacts a breach can inflict. Companies need to operationalize risk within their day to day security activities, and reduce the danger to their networks by making threats and vulnerabilities visible and actionable. This enables organizations to prioritize and address high-risk security vulnerabilities before breaches occur. FireMon’s Risk Analyzer, now integrated into Security Manager with the 6.0 release, automates the identification of what assets are vulnerable within a network, and prioritizes what actions will reduce the greatest amount of risk with the least amount of effort. Risk Analyzer moves security from a reactionary exercise to a proactive approach that allows you to fix your vulnerable assets before they can be exploited. As this latest breach exposes, not operationalizing risk within your security organization can be a costly decision.