Welcome!

News Feed Item

Learning From the Target Data Breach: How Businesses and Consumers Can Protect Against Today's Top Security Threats

Six key network security takeaways for retailers and business, plus four key tips for the Target consumer

SEATTLE, Jan. 29, 2014 /PRNewswire/ -- Between November 27 and December 15, 2013, unknown attackers breached Target's network and stole the debit and credit card data of 40 million account holders, including an additional 70 million accounts with personally identifying information (PII). More than a month later, it is now known that the attackers used a derivative variant of BlackPoS, called Trojan.POSRAM, and security researchers have linked the malware to young Russian hackers.

In a recent blog post, WatchGuard Technologies' Director of Security Strategy and Research, Corey Nachreiner (CISSP), explores the Target data breach and provides: 1.) a complete timeline of events to date, including what information is still unknown about the attack; 2.) four tips every Target customer should follow to protect themselves in the aftermath; and 3.) a list of six key network security takeaways every retail business should take to heart.

Here is a short portion of the complete blog post, titled "Building Defense Out of Disaster; Learning From the Target Breach":

What can businesses and retailers learn from the attack? Here are some of my key takeaway tips:

  1. PoS targeted malware is on the rise, prepare for it – Over the past few years, experts in the info security field have noticed the steady increase in malware that specifically targets point-of-sale (PoS) systems. So how do you prepare for it? Patch PoS systems, enforce a separation of duties, educate your cashiers…
  2. You need to segment your trusted network – As an industry, we have adopted a general trilateral paradigm that includes the external network (Internet), a demilitarized zone (semi-public servers), and our trusted network. The problem is our trusted network should not be flat. It makes it much to easy for attackers to perform lateral movement…
  3. You need more proactive malware detection – Unfortunately antivirus (AV) technology still relies heavily on reactive, signature-based detection. This means that it can't find and block new malware until after it's first analyzed, which is typically not until after it has infected at least one victim. However, recently newer malware detection controls have surfaced…
  4. Focus your defense on data – In a presentation I gave at Gartner ITxpo last year, I talked about how most of our preventative security controls are focused on protecting machines and devices, and not necessarily on protecting data directly. We need to spend a bit more time monitoring and protecting data directly…
  5. Focus more on detection and response – Preventative controls are a must for any organization, and they are probably the best bang for your buck. However, I'm afraid many organizations have focused too singularly on prevention and have forgotten to consider the other very important aspect of network security – detection and response. Cybersecurity is a continuous arms race…
  6. The U.S. must update its credit and debit card standards – Without going into all the technical details, most of the data stored on magstripe cards are stored in clear text, and you can easily recover or clone the data with cheap readers. EMV cards actually have small microprocessors on them, which use cryptographic standards to authenticate cards. In short, EMV makes it much harder for attackers to clone cards…

To get complete details on the Target attack, as well as in-depth analysis from WatchGuard's security experts, follow this link: http://watchguardsecuritycenter.com/2014/01/28/target-breach-learnings/

About WatchGuard Technologies, Inc.
WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, Best-of-Breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard products are backed by WatchGuard LiveSecurity® Service, an innovative support program. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter @WatchGuardTech on Facebook, or on the LinkedIn Company page.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc.  All other marks are property of their respective owners.

Contacts:
Kerry Desberg
WatchGuard Technologies
(206) 613-3760
[email protected]

Justin Hall
Voxus PR
253-444-5442
[email protected]

SOURCE WatchGuard Technologies, Inc.

More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Cloud Expo, Inc. has announced today that Andi Mann and Aruna Ravichandran have been named Co-Chairs of @DevOpsSummit at Cloud Expo Silicon Valley which will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. "DevOps is at the intersection of technology and business-optimizing tools, organizations and processes to bring measurable improvements in productivity and profitability," said Aruna Ravichandran, vice president, DevOps product and solutions marketing...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to ma...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists discussed...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists looked at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deliver...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
The taxi industry never saw Uber coming. Startups are a threat to incumbents like never before, and a major enabler for startups is that they are instantly “cloud ready.” If innovation moves at the pace of IT, then your company is in trouble. Why? Because your data center will not keep up with frenetic pace AWS, Microsoft and Google are rolling out new capabilities. In his session at 20th Cloud Expo, Don Browning, VP of Cloud Architecture at Turner, posited that disruption is inevitable for comp...