[bdamm]

I completely agree with you. It's quite amusing to see this time and time again; 'security' folks then say "oh, it's Target/Home Depot/Heartland Payment/Apple/Adobe/Yahoo's fault"

There's an easily identifiable pattern here. Security is not economically feasible. Cyber security breaches are like industrial accidents or freak acts of nature, and they should be treated that way. Insurance, OSHA, inspectors, training. This problem is not going to go away.

Specifically for credit cards, banks could do a lot to solve the problem by removing the plaintext identity value that is a credit card number. As an engineering discipline, we can do a great deal to remove the high-value targets from flowing through many hands.

[pbhjpbhj]

>Security is not economically feasible //

Isn't it that others bear the cost of company's security lapses - except for good will - and so they don't really care beyond the legislated need to care? Are these companies making a loss?

It certainly sounds like Home Depot just thought that it wouldn't happen to them and so they could cheap it out - not pay for intrusion detection, not pay to have systems scanned for known vulnerabilities (I'm reading between the lines of the OP article a bit here), not paying for security updates like current anti-virus.

[xnull2guest]

Companies lose huge amounts of money, much of it from PR with customers, when they are hacked. The recent EBay hack for example lost the company huge amounts of money (remember seeing but haven't had luck finding the numbers online).

But you're only thinking about customer retailers.

Many companies need to keep their intellectual property, source code, designs and trade secrets safe from hackers and competitors. Intel is a great example of a company that dominates an industry purely due to IP. Chinese companies (and government) sponsored hackers would love to utilize 12 nm transistor technology to outcompete Intel. I can't help but to wonder what Intel microcode update keys would sell for.

Brazilian PETROBRAS lost billions of dollars when they got hacked by the NSA and as a result lost offshore oil drill location auctions.

There's also 'outsider trading'. Intimate knowledge of what financial decisions companies and states are going to make is big money (http://tinyurl.com/l834xou).

Finally, there's stealing money directly from corporate accounts (Axis Bank). A recent example are the thefts of large numbers of bitcoins from bitcoin trading companies. Often hackers abuse automated clearing house systems to transfer data between accounts and siphon small quantities across large swaths of time/transactions (http://www.bankinfosecurity.com/ach-fraud-payroll-hack-drain...).

Then there's political hacking. The Chinese government stole Israel's Iron Dome defense system specifications. What does that 'cost'? It's hard to calculate. There are countless examples where state actors steal designs from defense contracting companies.