For data security expert Phillip Smith, the proliferation of news about consumer data breaches isn’t media hype: Hackers are a growing problem that companies can’t fix, only mitigate.
Smith, senior vice president of data security company Trustwave Holdings Inc., told members of a House subcommittee on Wednesday that breaches are on the rise. But companies can lessen their vulnerability to hackers. The businesses, however, need a set of tools to do so.
“There’s no silver bullet,” Smith said in his testimony before the Commerce, Manufacturing and Trade Subcommittee of the Energy and Commerce Committee. “A multilayered approach to security involves people, process, technology and innovation.”
Smith said chip-and-PIN technology, which uses a smart chip and passcode for payment cards, is one of the tools that could help companies fight hackers. Executives from Target Corp. and Neiman Marcus Group Ltd. have expressed support for the technology, after their companies made headlines for data breaches last year.
John Mulligan, the executive vice president and chief financial officer of Target, said at a Senate hearing on Tuesday that chip technology already is going into his company’s stores and should be ready for customer use next year. Michael Kingston, the senior vice president and chief information officer of Neiman Marcus, also said at that hearing that his company “will consider anything that is going to make this process and consumer information safer.”
Rep. Lee Terry (R-Neb.), chairman of the Commerce, Manufacturing and Trade Subcommittee, said at the hearing that he understands the need for flexibility in anything the government does to help protect consumer data.
“If we are to seriously address the problems surrounding consumer data security, it will take thoughtful and deliberate actions at all stages of the payment chain,” Terry said. “I don’t believe we can solve this problem by codifying detailed, technical standards or with overlaying cumbersome mandates. Flexibility, quickness and nimbleness are all attributes that absolutely are necessary in cybersecurity.”