Welcome!

News Feed Item

Learning From the Target Data Breach: How Businesses and Consumers Can Protect Against Today's Top Security Threats

Six key network security takeaways for retailers and business, plus four key tips for the Target consumer

SEATTLE, Jan. 29, 2014 /PRNewswire/ -- Between November 27 and December 15, 2013, unknown attackers breached Target's network and stole the debit and credit card data of 40 million account holders, including an additional 70 million accounts with personally identifying information (PII). More than a month later, it is now known that the attackers used a derivative variant of BlackPoS, called Trojan.POSRAM, and security researchers have linked the malware to young Russian hackers.

In a recent blog post, WatchGuard Technologies' Director of Security Strategy and Research, Corey Nachreiner (CISSP), explores the Target data breach and provides: 1.) a complete timeline of events to date, including what information is still unknown about the attack; 2.) four tips every Target customer should follow to protect themselves in the aftermath; and 3.) a list of six key network security takeaways every retail business should take to heart.

Here is a short portion of the complete blog post, titled "Building Defense Out of Disaster; Learning From the Target Breach":

What can businesses and retailers learn from the attack? Here are some of my key takeaway tips:

  1. PoS targeted malware is on the rise, prepare for it – Over the past few years, experts in the info security field have noticed the steady increase in malware that specifically targets point-of-sale (PoS) systems. So how do you prepare for it? Patch PoS systems, enforce a separation of duties, educate your cashiers…
  2. You need to segment your trusted network – As an industry, we have adopted a general trilateral paradigm that includes the external network (Internet), a demilitarized zone (semi-public servers), and our trusted network. The problem is our trusted network should not be flat. It makes it much to easy for attackers to perform lateral movement…
  3. You need more proactive malware detection – Unfortunately antivirus (AV) technology still relies heavily on reactive, signature-based detection. This means that it can't find and block new malware until after it's first analyzed, which is typically not until after it has infected at least one victim. However, recently newer malware detection controls have surfaced…
  4. Focus your defense on data – In a presentation I gave at Gartner ITxpo last year, I talked about how most of our preventative security controls are focused on protecting machines and devices, and not necessarily on protecting data directly. We need to spend a bit more time monitoring and protecting data directly…
  5. Focus more on detection and response – Preventative controls are a must for any organization, and they are probably the best bang for your buck. However, I'm afraid many organizations have focused too singularly on prevention and have forgotten to consider the other very important aspect of network security – detection and response. Cybersecurity is a continuous arms race…
  6. The U.S. must update its credit and debit card standards – Without going into all the technical details, most of the data stored on magstripe cards are stored in clear text, and you can easily recover or clone the data with cheap readers. EMV cards actually have small microprocessors on them, which use cryptographic standards to authenticate cards. In short, EMV makes it much harder for attackers to clone cards…

To get complete details on the Target attack, as well as in-depth analysis from WatchGuard's security experts, follow this link: http://watchguardsecuritycenter.com/2014/01/28/target-breach-learnings/

About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, Best-of-Breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter @WatchGuardTech on Facebook, or on the LinkedIn Company page.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc.  All other marks are property of their respective owners.

Contacts:
Kerry Desberg
WatchGuard Technologies
(206) 613-3760
[email protected]

Justin Hall
Voxus PR
253-444-5442
[email protected]

SOURCE WatchGuard Technologies, Inc.

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Providing the needed data for application development and testing is a huge headache for most organizations. The problems are often the same across companies - speed, quality, cost, and control. Provisioning data can take days or weeks, every time a refresh is required. Using dummy data leads to quality problems. Creating physical copies of large data sets and sending them to distributed teams of developers eats up expensive storage and bandwidth resources. And, all of these copies proliferating...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In his Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, will explore t...
In recent years, containers have taken the world by storm. Companies of all sizes and industries have realized the massive benefits of containers, such as unprecedented mobility, higher hardware utilization, and increased flexibility and agility; however, many containers today are non-persistent. Containers without persistence miss out on many benefits, and in many cases simply pass the responsibility of persistence onto other infrastructure, adding additional complexity.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
Pentaho has announced orchestration capabilities that streamline the entire machine learning workflow and enable teams of data scientists, engineers and analysts to train, tune, test and deploy predictive models. Pentaho’s Data Integration and analytics platform ends the ‘gridlock’ associated with machine learning by enabling smooth team collaboration, maximizing limited data science resources and putting predictive models to work on big data faster – regardless of use case, industry, or languag...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that Addteq will exhibit at SYS-CON's DevOps Summit at Cloud Expo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Addteq specializes in creating innovative solutions to solve business processes through the use of DevOps automation. Addteq was founded on the firm belief that automation is essential for successful software releases. Addteq's products and services are centered around the fundamental approach of understanding the pr...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
VeriStor Systems has announced that CRN has named VeriStor to its 2017 Managed Service Provider (MSP) 500 list in the Elite 150 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies, and maximize their return on IT investments. In today’s fast-paced business environments, MSPs play an important role...
Peak 10 has announced that it has completed a 20,000 square foot expansion of its Cincinnati-area data center, a 6,000 square foot expansion of its data center campus in Charlotte’s University Research Park, and added a pair of seasoned executives to its leadership team. This further propels the company on its aggressive growth trajectory to meet the rising demand for flexible hybrid IT strategies and solutions across its enterprise customer base. Cincinnati is home to companies like Kroger, Pr...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...