In a bizarre twist of fate, the company that makes Target's security software saw its stock price jump after the data breach. How did this happen?
In order to understand why the Target data breach is helping (and not hurting) the security company involved, we need to understand the challenges that data security experts face and how the cyber security market is changing after the biggest data breach in U.S. history.
Who's to Blame for Target's Data Breach, Security Contractors or Target's Admins?
FireEye Inc. makes a product that alerts network administrators when malicious software is detected on their computers. Target, like many companies, uses FireEye to flag potential threats. According to a new report in the Chicago Tribune, FireEye actually detected the malware that caused data from 110 million Target customers to be stolen. So who dropped the ball?
A big company like Target is constantly under siege from malware. Experts estimate that Target receives over a hundred security alerts each day, warning the company about potential threats at its Minneapolis-based headquarters.
When a report came in early December, Target's system administrators ignored it, because they had received countless reports like it that day. So it's their fault, right? Sort of. In reality, both FireEye and system admins are at fault. Here’s why:
- FireEye flags many threats, and many of them turn out to be benign software. When sys admins delete every flagged piece of data, they end up slowing down their network and causing errors. It's fair to blame security software that doesn't make it easy to prevent malware attacks.
- System administrators did not have software or a protocol in place that allowed them to isolate malware and delete it. In this sense, they are negligent for trusting software they knew to be limited.
A New Day for Data Security Companies
So why did FireEye's stock price jump almost two percent after this report? Though the company's software isn't perfect, the report demonstrates that it's at least partially effective: it correctly flagged the malware on Target's systems. This is good press for the company, even if some security experts doubt FireEye's real-world effectiveness.
FireEye's struggles and successes reveal how the current cyber security market is changing post-Target:
- Companies are looking to beef up security. Investors are guessing that after the breach, more companies will purchase FireEye's software. If you're a small security consultant or IT contractor, this interest in cyber security can mean more clients for you.
- Security software is imperfect. The nature of cyber attacks makes it hard to identify genuine threats to your client's data. FireEye's story tells us that even the industry-standard options have major weaknesses.
- Human error is still a leading cause of data breaches. Each year, the Ponemon Institute, an independent information security organization, publishes a thorough breakdown of the costs and causes of data breaches. The most recent report shows that 33 percent of data breaches are caused by human error. That's the kind of statistic that keeps a sys admin up at night. It doesn't take much for one employee to overlook a security report or cause a major data breach.
- Liability falls on the IT guys. Whether you develop security software, design client networks, or manage systems, you can be sued if a client is hacked. This is especially troubling for contractors and smaller IT companies that don't have the financial resources to defend themselves in court.
How to Survive a Data Breach
You're a small-business owner. If your client is hacked, you probably won't see your stock price jump. You don't have a stock price. Instead, you'll probably see a lawsuit.
You need to take necessary precautions to prevent data breaches, but you'll also need to protect yourself from data breach lawsuits. E&O insurance can cover these lawsuits by paying for legal bills, settlement costs, and damages you owe a client that's been hacked.
Because data breaches are so disruptive to a client's business, you can end up being sued for their lost profits and other damages. To get an idea about how much E&O coverage costs, look at these insurance cost estimates for IT companies.