Lessons in Compliance

7 Jul 2017

With the recent announcement that Target has reached a settlement agreement with the State Attorneys Department in 47 States, many in industries that rely on information technology are reconsidering the importance of compliance. In total, Target has agreed to pay $18.5 million to settle rather than wait to see what would happen if the matter went to court. Not only does Target have to pay the agreed amount; it must also implement a far more robust information security program. Even though Target is a large multinational, this cannot be deemed a drop in the ocean, as the cost is not only the fine but also the further expense of improving its information security systems. This settlement comes only months after Home Depot agreed on a settlement amount of $25 million for a data breach which affected numerous financial institutions.

Target’s Case

In what feels almost like a decade ago, given the amount of cyber security related news, Target experienced a data breach in December 2013. Cyber criminals managed to gain access to Target’s sensitive data via a heating, ventilation, and air conditioning services contractor it employed. The contractor was targeted by cyber criminals to obtain credentials with which to breach the retail giant. The contractor admitted that it maintained a data connection with Target for electronic billing, project management, and contract submission. This was all that was required for cyber criminals to gain access to Target’s sensitive data.

Both the Target and Home Depot cases are stark reminders of the importance of not only having a robust security posture but also adhering to State and Federal compliance regulations. Adherence to these regulations will not prevent cyber-attacks per se. It will, however, spare organizations, in the event of an attack, from having to pay large court settlements or even crippling legal fees in cases that could run for years.

Industry Compliance

While many industries already have strict compliance requirements with regard to their information security policies, others do not. In general, law firms are not as regulated as other industries such as the financial and healthcare sectors. This is despite them often dealing with sensitive data regarding important cases, mergers, and acquisitions. Large law firms may have a network operations center, but this is insufficient to prevent attacks and data breaches, as such centers are geared towards monitoring the health and availability of the network. Although the sector is not strictly regulated for the time being, data breaches can still carry severe financial, let alone reputational, costs. This can be prevented by employing a fully managed threat monitoring system that operates 24/7.

An industry which has seen a dramatic rise in implementing such systems is the motor industry, in particular vehicle dealerships. Many dealerships handle a massive number of finance-related transactions involving sensitive information such as social security numbers and private and personal information, so protecting such data is of the utmost importance. Implementing a fully managed Security and Information Event Management solution which monitors devices and networks 24/7 is the best way to protect valuable data and ensure compliance. The cost of developing one’s own team, hiring experts, and implementing and deploying such a solution can be astronomical.

Vijilan’s Solution

The experienced and dedicated cyber security team at Vijilan understands that the cost of ensuring compliance can easily be dwarfed by the cost of lengthy and debilitating remediation of a security breach. In many industries, a Security and Information Event Management (SIEM) system is required for industry compliance. Thus Vijilan not only ensures your organisation's compliance but also offers a fully managed SIEM which monitors your networks and devices 24/7. This allows for a drastic increase in your organisation's security posture and quick detection and resolution of potential attacks. While many SIEM systems, if done in-house, can cost hundreds of thousands of dollars just to implement, Vijilan offers a world-class cloud-based SIEM at a low monthly subscription and can even leverage your existing SIEM to further improve your security posture. This is ideal for small to medium enterprises.

Contact Us
