About the Show

Anchored by Jake Tapper, The Lead airs at 4 p.m. ET on CNN.

Anchored by Jake Tapper, The Lead airs at 4 p.m. ET on CNN.

On the Next Episode of The Lead

We've moved! Come join us at our new show page.

We've moved! Come join us at our new show page.

December 19th, 2013
05:27 PM ET

Expert: Companies like Target can't prevent hackers

(CNN) - A breach of credit and debit card data at Target may have affected as many as 40 million people who shopped at the store in the three weeks after Thanksgiving, the retailer said Thursday.

The Secret Service, charged with safeguarding the nation's financial infrastructure and payment systems, confirmed it was investigating the breach last Wednesday.

Asked if companies are prepared to prevent such breaches, security expert Shawn Henry said, "I don't think you can prevent them."

"Right now the offense outpaces the defense, and the most sophisticated adversaries are going to get on the network," says Henry, president of CrowdStrike, and former FBI executive assistant director.

"The most companies can really do, is hope that they can detect this when it occurs, and they do that by vigilantly hunting on their network," said Henry.

Target, the second largest general retailer in the U.S. after Wal-Mart, did not figure out the breach for more than two weeks, though Henry said the company is "very vigilant" on its network.

Target didn't specify how its systems were hacked. Judging by the scope of the breach and the kind of information criminals got, security experts say hackers targeted the retailer's point-of-sale system – either slipping malware into the terminals where customers swipe their credit cards, or collecting customer data while it was on route from Target to its credit card processors.

For those who shopped at Target, Henry says they need to monitor their accounts.

"Consumers' role in this case is being aware, being alert – not unlike in the physical world where you watch your purse, you watch your wallet, you make sure you're vigilant ... Same thing in the electronic world," says Henry.

Hackers are looking for any kind of access into a network, at the point-of-sale level, through e-mails with malicious attachments, or through an insider.

"Once they have that little foot hold onto the network, they can work their way horizontally, vertically through that network, and gain access to the most sensitive aggregated data, where really the crown jewels of an organization is often located," said Henry.

The Secret Service will look through Target's network for "digital DNA" – like IP addresses, for example – hunting for clues as to who may have breached the system, says Henry.

"Most of these cases have an international nexus," says Henry. If that is the case with Target, the Secret Service will work with international partners to find the attackers, and bring them to justice.

Posted by , ,
Filed under: Money Lead
soundoff (No Responses)

Post a comment


CNN welcomes a lively and courteous discussion as long as you follow the Rules of Conduct set forth in our Terms of Service. Comments are not pre-screened before they post. You agree that anything you post may be used, along with your name and profile picture, in accordance with our Privacy Policy and the license you have granted pursuant to our Terms of Service.