Imagine this scenario – you just discovered that your IT systems have been hacked into. Even worse, after pouring over logs and conducting exhaustive analysis you discover that the data breach had been going on for weeks. Since that time, the perpetrator or perpetrators have been systematically siphoning sensitive data from your network. Now imagine that it’s your job to report this Data Breach to the CEO. Would your heart just skip a beat? I know mine would.
This awful scenario, while hypothetical has no doubt been played out both within businesses and government agencies throughout the world. In addition to the lost trust, embarrassment, operational disruption, and the financial impact on your brand, data privacy laws and regulations further raise the stakes through imposed fines. Moreover, Wall Street definitely doesn’t take kindly to Data Breaches.
Here is a not so typical example of how a data breach can play out in the real world, but one you need to be aware of. This is an account of happened to Heartland Payment System, a Payment Process Provider (NYSE: HPY). In 2008, Heartland Payment Systems was alerted to suspicious account activity related to their customers from their partners Visa and MasterCard. Heartland conducted an all out investigation and were horrified to discover that they were unaware that a packet sniffer had been surreptitiously installed on their network.
At the time of this discovery, Heartland’s stock was trading at $25. per share, with 36.83m outstanding shares. As the full extent of the data breach came to light, Wall St. punished the stock. Over the ensuing months, the stock hit a low of just under $5 per share. That’s over and 80% drop in value or approximately $736 million. In addition to the massive drop in market cap, Heartland was forced to pay substantial fines, and spent vast sums on consultants and both software and hardware to harden their network. Overall,according to news articles, the Data Breach cost Heartland $140 million in fines and other hard dollar costs.
What truly shocked everyone was the sheer magnitude of the breach – some 130 million credit card accounts were stolen. This single data breach could have put Heartland out of business. It’s taken years, but thanks to some shrewd crisis management, Heartland has regained customer trust, and thankfully, the stock is doing better than ever – trading at $44.47 per share as of this writing.
Heartland’s troubles could have been greatly minimized if they had an early warning system alerting them to network anomalies. Much like a smoke alarm alerts us to fire, monitoring inbound requests and outbound responses with Splunk would have alerted and directed management to suspicious network activity which could quickly have been rooted out quickly.
To use an analogy – A tiny fire quickly extinguished causes little damage, but if you aren’t aware, that same small fire can become a raging inferno and take down your business.
Public service announcement – Remember to check the batteries in your smoke detectors on your birthday.