This Week
  • Hyatt reborn in June

  • Personal touch key advantage of independent agents

  • Tina Baughman: Driven by an entrepreneurial spirit

  • Repeat business drives dealership's sales.

  • Chiropractor Melinda Houle helps clients adjust.

  • The Health Care Achievement Awards 2017 supplement.

Target breach heightens security concerns

Rochester Business Journal
January 3, 2014

After Target Corp.'s data breach from Nov. 27 to Dec. 15, which compromised some 40 million credit and debit cards, cybersecurity has been a subject of heightened interest among local businesses.
Cybersecurity will be the topic for new workshops at Rochester Institute of Technology on Jan. 15-17 and 23-24. The events are intended to help attendees develop offensive and defensive strategies for their businesses.
"Businesses have to understand that security is a necessity that should be integrated into their daily operations," said Andrew Sears, professor and dean for RIT's B. Thomas Golisano College of Computing and Information Sciences. "Security requires ongoing vigilance, knowledgeable security professionals, investing in appropriate hardware and software solutions, and training all employees so they can be part of the solution."
The attack on Target-the second-largest data breach in U.S. retail history-has drawn attention to the subject of cybersecurity, but the key is constant awareness.
"For cybersecurity defense, it's difficult because you have to defend the whole perimeter, the network of the people, but for attackers, (they) just need to find one weak point," said Bo Yuan, associate professor of computer security at RIT.
A data breach-any occurrence in which an unauthorized person gains access to sensitive information-can take many forms.
Locally based Iberdrola USA Inc. suffered a data breach last year at its recruitment Internet site and reported one in 2012 as well.
"Iberdrola USA takes any unauthorized access to its physical, information or cyberassets very seriously," said Keri Glitch, executive director of information technology at Iberdrola. "We recently united all security responsibilities (physical, cyber, information and North American Electric Reliability Corp. compliance) into one organization. We did this to raise the significance and importance of security within our company, and I think that's happening in companies across the utility industry."
Educating a workforce that may be accustomed to constant data sharing in their personal lives is a challenge because the line of separation is not always clear for all employees.
"Remind people: Make sure you isolate your home use (and) work," Yuan said. "Separate them. Security is inconvenient by nature; you are restricting people's access, so there's some kind of trade-off that people have to make."
After a data breach occurs, though data can never be fully recovered, a company's strategy to prevent another attack can be an effective step forward.
"We believe that one of our most important assets is our reputation for integrity and maintaining a tradition of trust with our customers, regulators and employees," Glitch said. "Protecting our assets is a core principle.
"In the event of an unauthorized incident, we believe the best approach is to notify our customers and regulators as quickly as we reasonably can and to provide supplemental services such as credit monitoring. We also bring in forensic analysis firms to help ensure the incident is quickly contained, corrected and prevented from happening again."
No company is fully protected from a cyberattack.
"Companies need to take cybersecurity seriously," RIT's Sears said. "They need to have security experts on their team to help ensure that up-to-date security mechanisms are in place to protect their networks, devices and data. The key is that this is an ongoing process that involves the timely installation of patches, regular security audits and ongoing education about new threats and attacks."
The nature and details of attacks are constantly changing, so companies must remain vigilant, he added. "While small businesses are frequently attacked, presumably because it is assumed they may invest less in security, larger organizations with massive amounts of data are attractive targets."
Strong passwords, avoidance of questionable websites, refraining from installing software from unknown sites and reporting suspicious activities to the right people are all ways employees can reduce the risk of successful attack.
"Employees need a better understanding of how to identify potentially malicious online requests, while an organization's security team will need the ability to identify attacks, assess their damage and have protocols in place to enable data recovery," Sears said.
A data breach can affect any community, no matter what the size.
"A data breach or unauthorized access incident can have long-term impacts to businesses within Rochester and around the world," Glitch said.
As a company changes, the cybersecurity plan must change with it.
"Cybersecurity is like a cat-and-mouse game," Yuan said. "Whatever solution would come up, the bad guys always try to figure out a new way."
The instructors for each workshop this month are full-time faculty members from RIT's department of computing security, a designated Center of Academic Excellence in Information Assurance Education by the U.S. National Security Agency, as well as home of the 2013 National Collegiate Cyber Defense Champions.
Individuals interested in the workshops can contact Yuan at The registration deadline is Jan. 3.

1/3/14 (c) 2014 Rochester Business Journal. To obtain permission to reprint this article, call 585-546-8303 or email

What You're Saying 

There are no comments yet. Be the first to add yours!

Post Your Own Comment


Not registered? Sign up now!

To Do   Text Size
Post CommentPost A Comment eMail Size1
View CommentsView All Comments PrintPrint Size2
ReprintsReprints Size3
  • E-mailed
  • Commented
  • Viewed
RBJ   Google