Have you ever heard of Fazio Mechanical (and no, it’s not our friend Tom Fazio, the world-famous golf architect)? We certainly had not, nor had most Americans. Fazio Mechanical is a heating, air conditioning and refrigeration company in Sharpsburg, Pennsylvania, right outside Pittsburgh. According to multiple sources, a single Fazio Mechanical IT decision led to 70 million records being stolen from the second largest discount retailer in the United States, Target. This action cost Target’s CEO and CIO their jobs and cost the company more than $400 million.
The ripple effects of such a decision seem unfathomable. How could the decision to use a free version of popular security software compromise 70 million Americans’ data? In saving approximately $15,000 per year by using the incorrect, consumer version of the software, the company allegedly cost Target 26,000 times that.
An email phishing attack, it seems, led to malware sitting on Fazio’s servers for at least two months, allowing hackers to access Target’s servers and steal the data.
Ironically, Fazio had anti-malware software, but unfortunately the free version that they used does not detect threats in real time and did not notice the malware residing on their servers.
The version of Malwarebytes that Fazio used is designed for individual consumers and serves basic security needs. The free version, however, is not permitted for corporate use and should not be used as a sole provider of protection, especially on business networks, as it does not provide the Pro version’s critical real-time scanning.
Here at ANS, we also use Malwarebytes (the professional version) as part of our multi-layered hardware- and software-based security solutions for our clients. Data breaches happen by multiple methods, and hackers employ many, many tools. We have found that a good design, one that includes firewalls, anti-spam and anti-malware on servers and workstations, third-party patching and robust password policies, keeps malicious hackers out.
More and more companies that do business with Fortune 500 companies are being forced to adopt the security policies of the larger companies. Additionally, there are several local companies competing for contracts with large, international companies who have adopted enterprise-grade security tools and policies.
Hackers know it is far easier to exploit lax policies at smaller suppliers than it is to penetrate corporate networks, and will continue to do so until smaller businesses adopt the security policies of enterprise providers.