Target Hackers Broke in Via HVAC Company — Krebs on Security

As someone who does most of his work through remote access, I worry about things like this. I think that it can be done safely, but I worry that the knee-jerk reaction will be to eliminate or severely curtail remote access.

Target Hackers Broke in Via HVAC Company — Krebs on Security.

There are a lot of benefits to be derived from remote access. It seems that there is a shortage of qualified people to do the work that needs to be done. It may sound a little crass, but I like to say that moving my butt around doesn’t add additional value. If I can work on one system, and then immediately go to the next problem at another site without having to spend hours or days driving, then the client, the economy, and the environment are all better served. It is important to take these considerations into account when weighing the risks. Most companies would be better spending the time to implement and monitor remote access properly, and managing their contractor behavior. Eliminating remote access and paying for the additional time and travel of all of their contractors would in most cases be much more costly.

I guess if I were playing devil’s advocate here, I would have to admit that right now Target wishes that they had ponied up the extra money to pay for a bunch of site visits rather than having to deal with this embarrassing and costly fiasco. I would argue that they should have been doing a better job of managing and monitoring the remote access, although I fear that is not the answer many managers would choose.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: