Feb 26 - Data breaches like the one at Target during the holiday shopping season catches public attention but a security insider says the industry does not have enough personnel to deal with the growing list of data security threats. Lily Jamali reports.
So just how much did that hack attack last year cost Target? In its quarterly earnings call Wednesday, executives couldn't put a price on it. But they did say profits took a big hit, and the financial fallout is expected to continue into the future. In the week leading up to their quarterly earnings release, the company sent out this letter to loyalty RedCard holders saying since the data breach, the company has accelerated a $100 million investment to put chip-enabled technology in place by early 2015... six months ahead of schedule. The letter also assures customers they won't be liable for fraudulent charges. Attackers stole 40 million credit and debit card records and compromised the personal information of tens of million more people. Target wasn't the only target of hackers. A number of other retailers, including Neiman Marcus, were also hacked during the same period. Several obstacles stand in the way as companies try to defend themselves. One is manpower. Hewlett-Packard security expert Art Gilliland says across industries, not enough people work security IT and training new personnel takes time. SOUNDBITE: HEWLETT-PACKARD SECURITY EXPERT ART GILLILAND (ENGLISH) SAYING: "There's a four year funnel to get educated people in the workforce. So that rapid demand in technology and the chase of crime has just created this massive gap between educated people exiting and being in the workforce, and the demand that's out there." Gilliland says companies also need to share more information with each other when data breaches happen. The U.S. Department of Homeland Security has already established so-called "ISACs" - or Information Sharing and Analysis Centers - which encourage communication within some American industries. But Reuters cyber-security correspondent Jim Finkle says most companies aren't willing to share without prodding from regulators. SOUNDBITE: REUTERS CYBER SECURITY CORRESPONDENT JIM FINKLE (ENGLISH) SAYING: "One of the reasons is, nobody wants other people to know when they've been attacked. They're very reluctant to report it. They only do it when they have to." The smart-card technology Target has in the works is popular in Europe but has been slow to be adopted in the U.S. Finkle says it won't stop fraud. But it can buy companies valuable time between the moment they're hacked and the moment criminals can use the information they've stolen.