|By PR Newswire||
|January 29, 2014 01:30 PM EST||
SEATTLE, Jan. 29, 2014 /PRNewswire/ -- Between November 27 and December 15, 2013, unknown attackers breached Target's network and stole the debit and credit card data of 40 million account holders, including an additional 70 million accounts with personally identifying information (PII). More than a month later, it is now known that the attackers used a derivative variant of BlackPoS, called Trojan.POSRAM, and security researchers have linked the malware to young Russian hackers.
In a recent blog post, WatchGuard Technologies' Director of Security Strategy and Research, Corey Nachreiner (CISSP), explores the Target data breach and provides: 1.) a complete timeline of events to date, including what information is still unknown about the attack; 2.) four tips every Target customer should follow to protect themselves in the aftermath; and 3.) a list of six key network security takeaways every retail business should take to heart.
Here is a short portion of the complete blog post, titled "Building Defense Out of Disaster; Learning From the Target Breach":
What can businesses and retailers learn from the attack? Here are some of my key takeaway tips:
- PoS targeted malware is on the rise, prepare for it – Over the past few years, experts in the info security field have noticed the steady increase in malware that specifically targets point-of-sale (PoS) systems. So how do you prepare for it? Patch PoS systems, enforce a separation of duties, educate your cashiers…
- You need to segment your trusted network – As an industry, we have adopted a general trilateral paradigm that includes the external network (Internet), a demilitarized zone (semi-public servers), and our trusted network. The problem is our trusted network should not be flat. It makes it much to easy for attackers to perform lateral movement…
- You need more proactive malware detection – Unfortunately antivirus (AV) technology still relies heavily on reactive, signature-based detection. This means that it can't find and block new malware until after it's first analyzed, which is typically not until after it has infected at least one victim. However, recently newer malware detection controls have surfaced…
- Focus your defense on data – In a presentation I gave at Gartner ITxpo last year, I talked about how most of our preventative security controls are focused on protecting machines and devices, and not necessarily on protecting data directly. We need to spend a bit more time monitoring and protecting data directly…
- Focus more on detection and response – Preventative controls are a must for any organization, and they are probably the best bang for your buck. However, I'm afraid many organizations have focused too singularly on prevention and have forgotten to consider the other very important aspect of network security – detection and response. Cybersecurity is a continuous arms race…
- The U.S. must update its credit and debit card standards – Without going into all the technical details, most of the data stored on magstripe cards are stored in clear text, and you can easily recover or clone the data with cheap readers. EMV cards actually have small microprocessors on them, which use cryptographic standards to authenticate cards. In short, EMV makes it much harder for attackers to clone cards…
To get complete details on the Target attack, as well as in-depth analysis from WatchGuard's security experts, follow this link: http://watchguardsecuritycenter.com/2014/01/28/target-breach-learnings/
About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, Best-of-Breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.
WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.
SOURCE WatchGuard Technologies, Inc.
SYS-CON Events announced today that MobiDev will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobile software company with over 200 develope...
May. 31, 2016 10:15 AM EDT Reads: 2,896
How will your company move to the cloud while ensuring a solid security posture? Organizations from small to large are increasingly adopting cloud solutions to deliver essential business services at a much lower cost. According to cyber security experts, the frequency and severity of cyber-attacks are on the rise, causing alarm to businesses and customers across a variety of industries. To defend against exploits like these, a company must adopt a comprehensive security defense strategy that is ...
May. 31, 2016 09:45 AM EDT Reads: 894
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his general session at 18th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Part...
May. 31, 2016 09:30 AM EDT Reads: 868
We’ve been doing it for years, decades for some. How many websites have you created accounts on? Your bank, your credit card companies, social media sites, hotels and travel sites, online shopping sites, and that’s just the start. We do it often without even thinking about it, quickly entering our personal information, our data, in a plethora of systems. Sometimes we’re not even aware of the information we are providing. It could be very personal information (think of the security questions you ...
May. 31, 2016 09:30 AM EDT Reads: 1,042
The cloud era has reached the stage where it is no longer a question of whether a company should migrate, but when. Enterprises have embraced the outsourcing of where their various applications are stored and who manages them, saving significant investment along the way. Plus, the cloud has become a defining competitive edge. Companies that fail to successfully adapt risk failure. The media, of course, continues to extol the virtues of the cloud, including how easy it is to get there. Migrating...
May. 31, 2016 09:15 AM EDT Reads: 822
SYS-CON Events announced today that Super Micro Computer, Inc., a global leader in Embedded and IoT solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Supermicro (NASDAQ: SMCI), the leading innovator in high-performance, high-efficiency server technology, is a premier provider of advanced server Building Block Solutions® for Data Center, Cloud Computing, Enterprise IT, Hadoop/Big Data, HPC and ...
May. 31, 2016 09:15 AM EDT Reads: 885
18th Cloud Expo, taking place June 7-9, 2016, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some...
May. 31, 2016 09:00 AM EDT Reads: 3,262
SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from Web startups to global enterprises. SoftLayer's modular architecture, full-featured API, and sophisticated automation provide unparalleled performance and control. Its flexible unified platform seamlessly spans physical and virtual devices linked via a world...
May. 31, 2016 09:00 AM EDT Reads: 2,436
@DevOpsSummit taking place June 7-9, 2016 at Javits Center, New York City, and Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 18th International @CloudExpo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
May. 31, 2016 08:45 AM EDT Reads: 3,065
SYS-CON Events announced today that BMC Software has been named "Siver Sponsor" of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. BMC is a global leader in innovative software solutions that help businesses transform into digital enterprises for the ultimate competitive advantage. BMC Digital Enterprise Management is a set of innovative IT solutions designed to make digital business fast, seamless, and optimized from mainframe to mo...
May. 31, 2016 08:45 AM EDT Reads: 2,418
SYS-CON Events announced today that Catchpoint Systems, Inc., a provider of innovative web and infrastructure monitoring solutions, has been named “Silver Sponsor” of SYS-CON's DevOps Summit at 18th Cloud Expo New York, which will take place June 7-9, 2016, at the Javits Center in New York City, NY. Catchpoint is a leading Digital Performance Analytics company that provides unparalleled insight into customer-critical services to help consistently deliver an amazing customer experience. Designed...
May. 31, 2016 08:15 AM EDT Reads: 2,125
"What we see what happens when you have a completely networked society and the potential to now drive the value creation and the collaboration and the ecosystems that are possible when you start to be able to connect people and industries together in ways that have never been possible before," explained Esmeralda Swartz, VP of Marketing Enterprise & Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
May. 31, 2016 08:15 AM EDT Reads: 1,824
Companies can harness IoT and predictive analytics to sustain business continuity; predict and manage site performance during emergencies; minimize expensive reactive maintenance; and forecast equipment and maintenance budgets and expenditures. Providing cost-effective, uninterrupted service is challenging, particularly for organizations with geographically dispersed operations.
May. 31, 2016 08:00 AM EDT Reads: 2,346
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
May. 31, 2016 08:00 AM EDT Reads: 1,884
The Internet of Things (IoT) is growing rapidly by extending current technologies, products and networks. By 2020, Cisco estimates there will be 50 billion connected devices. Gartner has forecast revenues of over $300 billion, just to IoT suppliers. Now is the time to figure out how you’ll make money – not just create innovative products. With hundreds of new products and companies jumping into the IoT fray every month, there’s no shortage of innovation. Despite this, McKinsey/VisionMobile data...
May. 31, 2016 07:45 AM EDT Reads: 1,829