Expert: Retailers Like Target Under Increasing Threat

Updated: 02/21/2014 7:42 AM By: Tom Hauser

KSTP File Photo
KSTP File Photo

The cybersecurity breach at Target Corporation during the 2013 holiday season caught most of us by surprise. 

That's not true of Kevin Mandia, CEO of Mandiant, a cybersecurity firm based in the Washington, D.C. area. "It's the new normal," says Mandia, who was in the Twin Cities to speak at a tech conference sponsored by Milestone Systems of Minnetonka. 

Mandia was retained by Target to help figure out how it was hacked and how to keep them from being hacked again. Mandia couldn't speak directly about any specific client, but he could speak about how the cybersecurity issue impacts American companies. 

"As long as people can hack with no risk or repercussions, this is something that's here to stay," he told KSTP reporter Tom Hauser in an interview. "It's going to happen again and again and again.  It's just the nature of the cybersecurity."

Mandia knows what he's talking about. He was featured on the cover of Fortune Magazine last year as "The CEO who caught the Chinese spies red-handed." Mandia's firm uncovered massive cyber espionage being conducted by the Chinese government against American companies to steal trade secrets. 

He says other groups of hackers also attack American companies every day. Every time there's a new defense, there's a new attack. "You're defending a wide front, maybe multiple fronts against an attacker who can pinpoint where he wants to hit you," Mandia says. "Unfair fight."

Mandia says retailers are especially vulnerable because of their thousands of entry points from sales counters to vendors. "I always liken it to getting sucker punched," says Mandia.  "It's really hard to be the head of security at any retailer. These blue chip American retailers during the holiday time frame (especially) because you get massively targeted."

That means consumers are ultimately targeted, too.  That's why Mandia urges consumers to constantly track their credit accounts and credit reports without waiting for a news story or an "alert" from a company.  He says very often companies are being hacked and don't know it for weeks or months or longer.