Would your organization have a plan in place?
The Target hack has been dethroned as the largest known data breach after less than a year following Home Depot’s revelation that some 56 million credit and debit cards were exposed to hackers due to an assault via customized malware.
The Wall Street Journal’s Robin Sidel reports:
Home Depot Inc. said 56 million cards may have been compromised in a five-month attack on its payment terminals, making the breach much bigger than the holiday attack at Target Corp
It was the first time the do-it-yourself retailer had defined the scale of a breach it said it was alerted to on Sept. 2. It also said for the first time that the malware has been eliminated from its systems.
The attack further highlighted the vulnerability of U.S. retailers to hackers that have been targeting their payment systems. Home Depot began a project to fully encrypt its payment terminal data this year, but was outpaced by the hackers, people familiar with the matter have said. The company said Thursday that the project is now complete in the U.S.
Home Depot claims to have cut hackers off from its system and eliminated the malware, as well as installing a new encryption system for payment data. While those are important steps to take, even more urgent is the need for all organizations to realize that, no matter the precautions they take, they ARE vulnerable to any data stored on computers, or even hard copy sitting in file cabinets, being stolen.
When the question is not if, but when, suddenly the need to prepare crisis management plans for the worst case becomes much more pressing. Don’t wait until you’re already taking damage to figure out what Step 1 should be.
——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-
[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]
– See more at: https://staging.management.org/blogs/crisis-management/2014/09/15/to-share-or-not-to-share/#sthash.UDn4xrFw.dpuf
Home Depot Security – Should Others Be Worried?
Once again a major breach has hit the headlines – this time Home Depot was infected by the same type of malware that looted millions of credit card numbers and sensitive customer information from Target late last year.
Why does this keep happening?
Even with PCI data security standards in place and a big name data security vendor hired on to secure their data, Home Depot failed to protect their business and customers against a known threat.
The truth is, the failure was not due to the tools available, but the lack of expertise, training and care to apply the right technology in the right way. New tokenization methods can help to protect sensitive information in memory, and combat this latest form of memory-scraping malware.
It’s an underappreciated value to find a partner that will not only give you what you ask for, but will advise you on best practices and regulations, work with you in designing an effective security strategy, and ultimately help you find and protect your sensitive data with the best tools available.
The Payment Card Industry Data Security Standard (PCI DSS) guidelines could also have helped them to identify potential weaknesses and close security loopholes. Network design has been a significant issue with large enterprises, but with thorough knowledge and preparation to effectively meet the PCI standards, more breaches can be prevented, and their effects mitigated.
Technology and regulations only take you so far in securing your business. Finding partners and people with the right expertise, knowledge, and care is the key to get you the rest of the way.
Ulf Mattsson, CTO Protegrity