Category: Data Breach

10 Easy Ways To Prevent A Data Breach

prevent data breach
Did you know that there was an average of one data breach every single day in the U.S. last year? That more than 800 million records were exposed in data breaches last year? Or that the average cost of a data breach is now a staggering $3.5 million?

These are not statistics you want to be part of or costs you want to incur. So remember the following tips as part of your breach prevention program:

Read More

Anatomy Of A Security Breach: Target

Target security breach 2013It’s not often we get a chance to attend a security breach postmortem — a step-by-step, hack-by-hack, mistake-by-mistake account of what went so horribly wrong. The U.S. Commerce Department recently presented their report into all the mistakes Target made, and which could have avoided, in its recent massive data breach.

The report provides what’s referred to as an “intrusion kill chain” that highlights all the places Target had a chance to spot the breach and stop it. But missed. For example:

  • The hackers were able to identify a potential Target vendor or supplier to exploit because Target made such a list publicly available. That was the starting point for the hackers.
  • The vendor targeted had very little security in place. The only malware defense they appeared to have used to protect their business was free software meant for personal and not business use.
  • The vendor’s employees had received little if any security awareness training, and especially on how to spot a phishing email. So the hackers used a phishing email to trick at least one of those employees into letting them in the back door.
  • Once in the vendor’s systems, the hackers were able to use stolen passwords without the need for authentication because Target did not require two-factor authentication for low-level vendors.
  • The hackers are suspected of gaining further access from the vendor by using a default password in the billing software the vendor used. If the default password had been changed, the attack might have stopped right there.
  • There were few controls in place to limit access the vendor had on the Target network. Once the vendor had been compromised, Target’s entire networks were exposed.
  • When the hackers installed their Point of Sale malware on Target’s networks and began testing the malware, that activity was detected by Target’s security systems but the alarms were simply ignored.
  • When the hackers created an escape route and began moving the stolen data off Target’s networks, that activity triggered alarms too but once again, the alarms were ignored.
  • Some of the data was moved to a server in Russia, an obvious red flag for Target security which once again was missed.
  • The login credentials of the vendor were used throughout the attack, yet Target’s security system wasn’t able to detect that those credentials were being used to perform tasks they weren’t approved for.

We keep saying that every business large and small has important lessons to learn from Target. Don’t waste the opportunity. Double-check your own security and see if there are any obvious gaps you haven’t spotted but need to be sealed. Need help? Give SiteLock a call any time, 24/7/365, at 855.378.6200.

Google Author: Neal O’Farrell

POS Malware

Big Brands Defenseless Against POS Malware

2014 could go down as one of the most significant years in the world of cybersecurity, and malware in particular. It wasn’t just the small window that revealed data breaches at Target, Neiman Marcus, Michaels Craft Stores and potentially dozens of other retailers. Nor was it the fact that this explosion in data breaches could all be the work of a seventeen-year-old.

Read More

2013 Target Breach Exposes Much More Than Data

target data breachAs we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.

Read More

12 Simple Steps to Data Protection

Did you know that there has been an average of more than one reported data breach in the U.S. every single day for each of the last five years? And that’s only the reported data breaches. The number of unreported or undiscovered data breaches could be ten times, even one hundred times that number.
Those data breaches combined have exposed more than 4.2 billion records, and some studies have found that more than 80% of those breached records have included Social Security numbers.

Read More

Page 4 of 4

Powered by WordPress & Theme by Anders Norén