Only the Beginning?
Experts warn of cyber criminals’
constant hunt to hack
As retail giant Target last month upped the estimate on the number of customers whose personal information was stolen during a historically massive data breach late last year—up to 110 million potential victims—and details began to emerge about another data theft at Niemann Marcus, cloud security experts warned consumers to expect more hacking in today’s cyber world.
"The chance of your data being hacked is real. It’s an advanced, persistent threat," said Robert Siciliano, a McAfee online security expert.
Target probably did as much as it could to prevent being hacked, he said. Like everyone else, however, the Minneapolis-based company must deal with the fact that hackers are working around the clock to break into its system, he said.
"What Target did to protect their data is pretty comprehensive. They didn’t leave the door wide open," Siciliano said.
Between Nov. 27 and Dec. 15—during holiday shopping—hackers nabbed credit and debit card data from Target customers nationwide. The data heist included customer names, mailing addresses, encrypted personal identification numbers and phone numbers. Niemann Marcus said in mid-January that its networks were breached over the holiday shopping season last year, too, but didn’t disclose how many customers were affected.
The Target security breach will have a massive impact on consumers for some time, perhaps even years, said Eric Chiu, president and co-founder of HyTrust, a cloud computing firm. The hackers "aren’t going to go out and buy a boat with your credit card right away," he said. "Maybe they’ll start small or wait for a while."
David Kennedy, founder and principal security consultant for Trusted SEC, a security firm, said now that hackers have made a big score on the Target data—he estimates the take to be in the billions of dollars—other retailers should be on their guard. "They smell blood in the water," Kennedy said. "This is just the beginning."
What’s being done to help consumers? For those affected by the big breach, Target said customers won’t be held liable for any fraudulent charges. The company is also offering one year of free credit monitoring and identity theft protection to all customers.
Target also said it’s planning "significant changes," but didn’t go into detail.
Last month, a bill was resurrected to create a national reporting standard for data breaches like the one that seized Target. It would apply to retailers and financial institutions, and require both to tell government and consumers of harmful data breaches.
"Consumers, government agencies and businesses of all kinds have proven to be extremely vulnerable to fraud and identity theft, and the Target data breach is just the latest example of this serious problem," said Sen. Thomas Carper, D-DE, who wants to reintroduce the bill.
More security vendors will undoubtedly search for ways to protect consumers from cyber criminals. One technique gaining more traction is data encryption, which will assist vendors with computations on client data without revealing the original data. IBM is one company seeking a patent on "fully homomorphic encryption" technology.
"Fully homomorphic encryption will enable companies to confidently share data and more easily and quickly overcome challenges or take advantage of emerging opportunities," said Craig Gentry, an IBM researcher and co-inventor on the patent.
Secure chipped "smart card" technology, common in about 80 countries outside the United States, are almost impossible for criminals to duplicate. Switching systems for the largest and most complex market in the world, however, would be a costly and tedious process, said Mary Ann Miller, a director at Nice Actimize, which sells financial crime-prevention software. ATMs, bank authorization systems, retailers’ card readers and the cards themselves would need to be changed.
Regardless of security steps taken, there’s never a guaranteed solution, and safeguarding the amount of data merchants store in the cloud from customer transactions has become a daunting task.
"With how vast these networks are, it’s difficult if not impossible to completely protect them," said Shawn Henry, president of Crowdstrike Services. "If you build a 10-foot firewall, they bring a 12-foot ladder and they’re into the organization. These sophisticated adversaries are so calculated, and they’re always moving one step ahead of our defenses."
- Arlotta, C.J., "IBM Promotes Encryption Patent Amid NSA, Cloud Spying Concerns," Talkin’ Cloud, Dec. 31, 2013, http://talkincloud.com/cloud-computing-security/ibm-promotes-encryption-patent-amid-nsa-cloud-spying-concerns.
- CBS News, "Retailers Hacked: Are Data Breaches at Target and Neiman Marcus Connected?" Jan. 13, 2014, www.cbsnews.com/news/retailers-hacked-are-data-breaches-at-target-and-neiman-marcus-connected.
- DiBlasio, Natalie, "Target Breach ‘Watershed Event,’ for Security," USA Today, Jan. 10, 2014, www.usatoday.com/story/money/business/2014/01/10/target-security-emv/4406861.
- Ramakrishnan, Sruthi, "Target Planning ‘Significant Changes’ After Data Breach," Reuters, Jan. 13, 2014, www.reuters.com/article/2014/01/13/us-target-breach-idusbrea090l120140113.
- Volz, Dustin, "The Terrifying Target Data Breach Is Even Worse Than We Thought," National Journal, Jan. 10, 2014, www.nationaljournal.com/technology/the-terrifying-target-data-breach-is-even-worse-than-we-thought-20140110.
- Wasserman, Todd, "Target Says Up to 110 Million Potential Victims in Data Breach," Mashable, Jan. 11, 2014, http://mashable.com/2014/01/10/target-70-million-data-breach.
Revenues Are Up, but Economy Is Still a Challenge, Manufacturers Say
Sixty-five percent of manufacturers experienced revenue growth last year, but nearly half still consider the economy to be their biggest challenge, according to results from ASQ’s 2014 Manufacturing Outlook Survey.
And while 64% of respondents worldwide expect increased revenue this year, that percentage is slightly down from years past. In last year’s survey, 65% anticipated growth in 2013, and 66% of respondents to the 2012 survey anticipated growth during that year.
In 2012 and 2013, 70% of manufacturers said they experienced revenue growth compared to just 65% in this year’s survey.
Despite the percentage of manufacturers expecting increased revenues in 2014, 46% of the respondents said the economy continues to be the biggest hurdle to operations, while 18% said the shortage of skilled workers is the biggest challenge they foresee in 2014.
Other hurdles identified include global competition, lack of new products, government sequestration and lack of leadership.
"While certain economic indicators are improving, the current state of the economy is a topic of concern for manufacturers," said ASQ Past Chair John Timmerman. "Quality tools provide a systematic and reliable approach for manufacturers to increase customer loyalty, improve operational efficiencies and reduce defects that help increase market share and economic prosperity."
Respondents to the survey represented aerospace, automotive, food, medical device, pharmaceutical and utility industries, among others. The digital survey took place Nov. 21 to Dec. 5. More than 700 manufacturing professionals around the world responded.
Who’s Who in Q
NAME: Peter Pylipow.
RESIDENCE: Fleming Island, FL.
EDUCATION: Master of engineering in management engineering from Rensselaer Polytechnic Institute in Troy, NY.
FIRST JOB RELATED TO QUALITY: Pylipow took a quality control class in college. His first job after graduation was as quality engineer at Eastman Kodak Co. in Rochester, NY. Soon after, he became an ASQ member.
CURRENT JOB: Pylipow is a principal engineer with Johnson & Johnson Vision Care Inc. in Jacksonville, FL, and Limerick, Ireland. His function is new product validation at both facilities.
PREVIOUS JOB: Various quality assurance capacities at Eastman Kodak Co., including stops in departments such as motion picture finishing, optical products and high-performance imaging systems manufacturing.
ASQ ACTIVITIES: Member of the technical review board for QP. Previously served as a judge for the ASQ International Team Excellence Award.
OTHER ACTIVITIES/ACHIEVEMENTS: Certified by the Institute of Industrial Engineers in systems integration and certified by Eastman Kodak as a Six Sigma Black Belt. Also has served as a Malcolm Baldrige National Quality Award examiner.
PUBLISHED WORKS: Pylipow is a regular contributor to QP’s Expert Answers department and has written several QP articles. He also has had articles published in Quality magazine and Society of Motion Picture and Television Engineers Journal.
RECENT HONOR: Pylipow was included in the 2013 class of
PERSONAL: Married with two sons, ages 14 and 15.
FAVORITE WAYS TO RELAX: Watching sports, participating in family activities and staying fit by working out at a gym and road bicycling.
QUALITY QUOTE: It doesn’t matter what you’ve done. What do you need to do?
ASQ WORLD CONFERENCE
Keynote Speakers for 2014
Annual Event Announced
A graffiti artist, a former U.S. Navy commander, a school-choice advocate and other prominent business leaders form the impressive list of keynote speakers scheduled to address audiences at ASQ’s World Conference on Quality and Improvement (WCQI) May 5-7 in Dallas.
Erik Wahl is an internationally recognized graffiti artist, a best-selling author and an entrepreneur. Drawing from his experience as a businessman and artist, Wahl’s on-stage paintings deliver visual metaphors to the core of his message—encouraging organizations toward profitability through innovation and superior levels of performance. He is scheduled to speak in the morning on Monday, May 5.
Bob Pence is the CEO of Freese and Nichols Inc., an engineering, architecture and environmental science firm with locations in Texas and North Carolina. He was at the organization’s helm when it became the first engineering/architecture firm to receive the Malcolm Baldrige National Quality Award in 2010. He is scheduled to speak in the afternoon on Monday, May 5.
Mike Abrashoff is the former commander of the U.S.S. Benfold and the founder of GLS Worldwide, a consulting firm that addresses organizational leadership, talent and business challenges. He has authored three books offering leadership and organizational lessons: It’s Your Ship, Get Your Ship Together and It’s Our Ship. Before commanding the U.S.S. Benfold, Abrashoff served as the military assistant to Secretary of Defense William J. Perry. He is scheduled to speak in the morning on Tuesday, May 6.
Alicia Boler-Davis is senior vice president, global quality and global customer experience, at General Motors Co. (GM). Her previous GM positions were U.S. vice president, customer experience, and vice president, global quality and U.S. customer experience. Before that, Boler-Davis was plant manager of Orion Assembly and Pontiac Stamping, simultaneously. She is also the first African-American woman to be appointed to the position of plant manager at a GM vehicle manufacturing plant. She is scheduled to speak in the afternoon on Tuesday, May 6.
Michelle Rhee is the controversial former Washington, D.C., schools chancellor who founded and now serves as CEO of StudentsFirst, a school choice organization. Under her leadership in Washington, D.C., the worst-performing school district in the country became the only major city system to see double-digit growth in state reading and state math scores in seventh, eighth and 10th grades over three years. Rhee is the author of Radical: Fighting to Put Students First. She is scheduled to speak in the morning on Wednesday, May 7.
For more about the speakers and the conference, visit http://wcqi.asq.org.
TECHNICAL CONFERENCE The deadline to submit abstracts for the 58th annual Fall Technical Conference is Feb. 26. The event, sponsored by ASQ and the American Statistical Association, will be held Oct. 2-3 in Richmond, VA. Organizers are looking for presentations related to an applied or expository paper about statistics or quality control, or for tutorials and case studies. For more information, contact Flor Castillo, chair of ASQ’s Chemical and Process Industries Division, at firstname.lastname@example.org.
NEW CASE STUDY ASQ’s Knowledge Center has released a new case study about a New Zealand port company’s Six Sigma project to reduce the number of IT call tickets that were not completed within agreed-on timeframes. Read the case study at http://asq.org/knowledge-center/case-studies-IT-tickets.html.
BY THE NUMBERS
The number of K-12 and higher education institutions that received Education Team Excellence Recognition Awards at the 21st annual National Quality Education Conference. The recipients are:
Universidad Tecnológica Nacional-Facultad Regional Buenos Aires, Argentina. The team was honored for its improvement project to reduce the time to return test records.
Ingenium Charter Elementary School, Canoga Park, CA. The team used continuous improvement to establish, monitor and evaluate an innovative data analysis process to drive outstanding results in student outcomes.
Kaneland School District, Maple Park, IL.The team implemented a panel process in which multiple candidates are interviewed in one session.
Kaneland Harter Middle School, Sugar Grove, IL.The team used quality tools to help students and parents during middle school transition.
University of Wisconsin-Stout, Menomonie, WI. The team applied virtual modeling and lesson study to improve teacher performance and enhance students’ critical thinking and learning outcomes.
Visit http://asq.org/nqec for more details.
THE COORDINATE METROLOGY Society (CMS) has issued a call for papers for its 30th annual CMS Conference July 21-25 in North Charleston, SC. Abstracts for technical papers and presentations for the event must be received by March 14. For more information about presenting a technical paper at the conference, contact Scott Sandwith at email@example.com.
THE FOUNDATION FOR the Malcolm Baldrige National Quality Award is accepting applications for its executive director position. The executive director reports to the foundation’s chair and will have overall fundraising, outreach, strategic and operational responsibility for the foundation in its efforts to support the sustainability and growth of Baldrige. The ideal candidate will provide leadership and experience in advancing the foundation’s mission as a donor-centric organization. For more information, email the search committee at firstname.lastname@example.org.
APPLICATIONS ARE NOW being accepted for the 2014 Malcolm Baldrige National Quality Award. Applicants must submit eligibility forms to the Baldrige Performance Excellence Program by April 1 (Feb. 18 if also submitting a nomination to the Board of Examiners). Application forms are due May 13 (April 29 if submitting on CD only). Forms and guidance for the award are available at www.nist.gov/baldrige/enter/how_to_apply.cfm.
RESEARCH EVENT SLATED The American Society for Nondestructive Testing will host its 23rd annual research symposium March 24-27 in Minneapolis. For more information, visit www.asnt.org.
A BUSINESS PROCESS framework has been released to help U.S. healthcare insurance organizations facilitate improvement through process management and benchmarking. The American Productivity & Quality Center, along with KPMG, an audit, advisory and tax services firm, developed the process classification framework to help U.S. healthcare insurance organizations in their process definition, benchmarking and content management activities. A copy of the document can be downloaded at www.apqc.org/process-classification-framework.