In a weekend highlighted by banal football chatter, a critical news story received minimal attention. Beyond Packers, Steelers, and new Bud Light commercials, the Wall Street Journal reported a security breach of NASDAQ last Friday. Apparently, hackers penetrated the NASDAQ OMX Group which runs a service providing "secure" communications between public companies and their boards. The target application known as "Directors Desk" is a privately-run collaboration system for corporate mucky-mucks.This breach is yet another example of what cyber security is all about. These guys knew what they wanted (i.e. insider information) and found a way to get it. I read through a number of stories about this breach and none of them indicated when this breach took place. The bad guys could have been intercepting confidential communications for months or years. Imagine how much money you could have made if you had access to board of direction-level banter for the past 6 months? That's likely what took place here.In the recently-published ESG Research report, "Assessing Cyber Supply Chain Security Vulnerabilities Within the US Critical Infrastructure" (available for free download at www.enterprisestrategygroup.com), 68% of the critical infrastructure organizations surveyed had experienced at least one security breach over the past 12 months. As of Friday, we can officially add NASDAQ to this list. I hope that this breach scares the heck out of CEOs, corporate boards, Wall Street, and congress. Many public and private organizations are sitting ducks in an increasingly insidious cyber security landscape.Does anyone else hear a ticking time-bomb?