Several years ago I was working with a major restaurant chain. We were doing all kinds of upgrades and improvements to their system. And in the process of this, I found out there was a serious security hole in their system. I brought this up to the folks in the IT department and they did not take it that seriously. They did not want to be bothered because the timeline to get the project finished was all they were interested in.
They told me that they would get to it later. But I urged them to do the due diligence now in order to close any possible security gaps. However, it was of no effect. They continued on with the project and did not make the changes necessary.
What Happened
Later on, I spent some time there and discovered that they did fix the problem. But not before there had been a persistent malware attack that almost breached their network. It just so happens that the contracted cybersecurity firm was in their office at the time of the attack.
This firm recognized it immediately and stopped the attack. At this point, the folks in the IT department took the necessary action to close this important and dangerous security hole.
Should Not Happen
These types of things should not happen. This company got lucky. Usually, when a breach is discovered it is too late: the hackers are in the system and the damage is already done. They dodged a bullet this time.
My suggestions are very straightforward. First, make sure you are doing regular security audits; don’t wait for an attack to respond. Second, take this information seriously and get it fixed immediately. A hacker can do a lot of damage in a short period of time. And third, make sure everyone is involved. No one was watching what the IT department at this company did or did not do. This cannot happen. Take a look at my article on watching the watcher. It is essential that you have a layered process in place.