Home Depot’s Massive Security Slip Up

December 2, 2014

With companies both large and small becoming increasingly dependent on technology, it’s important for these firms to make sure that their information is secure. But businesses need to do more than simply install anti-hacking software and hope their defenses hold. For instance, earlier this year Home Depot faced two small security breaches before getting hit with a company-wide hack that made national news. Following the minor incidents, security contractors urged executives to implement a few unused features in the anti-hacking system that would protect credit card information at cashier terminals.

Needless to say, Home Depot’s higher-ups ignored the advice. By the beginning of September, the company suffered a hack that put up to 56 million credit cards at risk. Insiders claim the perpetrators targeted the store’s registers, exactly where the additional security measures were meant to protect. According to internal company documents, execs didn’t want to pay the extra costs that came with monitoring the entire register system. This bargain-basement attitude coupled with the company’s aging equipment reportedly frustrated many employees over the years, leading to dozens of departures from a team comprised of fewer than 50 people.

Although there’s no way of knowing if Home Depot could have prevented the attack entirely, experts agree that additional security measures would have significantly increased the chances of detecting a hack. “Simple tactics go a long way, like keeping track that something new is running,” said malware researcher Josh Grunzweig. “I’d argue that would catch 95 percent of this stuff.” For now, the hack doesn’t seem to have affected Home Depot’s sales: the home improvement retailer recently released a positive earnings report and its stock price has been climbing steadily. But even if the company still retains the trust of customers, the dysfunctional relationship between management and its anti-hacking staff could do long term damage. After all, if Home Depot doesn’t sort out its cyber security problems, customers might not be so forgiving of a second intrusion.

 

Questions:

  1. What’s the primary problem companies face when their security is breached?
  1. What does top management need to do regarding security issues?

 

Source: Ben Elgin, Michael Riley and Dune Lawrence, “Home Depot Hacked After Months of Security Warnings,” Bloomberg BusinessWeek, September 18, 2014. Photo by: Robb Sutton.

 

Leave a Reply