In recent years, the threat has mushroomed both in terms of the number of attacks and the financial resources targeted. Increasingly, hackers seek out and compromise legitimate user credentials to gain access to protected systems. It could be access to credit bureau files or payment processing files.
In the Target breach, it was a heating and air conditioning vendor that was exploited to gain entry. Eventually thieves grabbed data on over 100 million individuals. ADP payroll processing services experienced a rash of credentials-related breaches in the past two years, as has Experian, one of the Big Three credit reporting agencies. Another new trend is targeting smaller payroll processing companies directly to access their servers.
One recent data breach involving PayTime Payroll of Harrisburg PA hit over 200,000 worker files dating back to 2008. It encompassed both current and former workers of PayTimeís clients as well as some dependents and beneficiaries. Payroll data is probably the mother lode of personal data. Itís the ID thiefís complete tool kit.
As long as the hackers can make money, theyíll continue to seek out these obscure weak links and drill in. I do expect the threat to grow in future years because most firms still have their heads in the sand when it comes to bolstering their IT department. Yes, it costs money to do so but itís money well spent because tighter security will protect your clients, your reputation and your bottom line. Itís disheartening to see how many CEOís still turn a blind eye to the problem until itís too late. As the former CEO of Target could tell them, their jobís also on the line if thereís a massive breach.