Category: Data Breach

PCI compliance

Protecting Your Business From A Data Breach

It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.

The Home Depot Data Breach

The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.

Read More

PCI Compliance: Rules Stiffening

pci complianceAs yet another series of data breaches unfolds, there’s been more focus on PCI compliance than ever before. And for good reason. Apparently the PCI Standards Council, the body that overseas PCI, thinks that too many companies are failing in their obligations.

In just the last two weeks we’ve seen major data breaches announced at firms like JP Morgan Chase, Community Health Systems (4.5 million Social Security Numbers exposed), UPS, Dairy Queen, and more than 1,000 retailers.

Read More

10 Ways A Data Breach Will Cost You

There’s no such thing as an easy security breach. Unless of course you’re a hacker — all too often they seem to easily breach the security of way too many websites. (Check out the OWASP Top 10 to learn more about common exploits)

But if you’re a business owner, being the victim of a data breach is certainly costly. Just how costly is a data breach? Well, that depends a great deal on circumstances and luck.

But here’s just a selection of some of the costs you might be facing:

Read More

Give Us This Day Our Daily Breach

daily breachSeems like hardly a day goes by without a report of yet another data breach. And that’s because a day doesn’t go by without one. There has been an average of one reported data breach every day for the last five years, and 2014 has no intention of bucking the trend.

According to the non-profit Identity Theft Resource Center, there have been 411 reported data breaches in the U.S. in the first six months of this year. That works out to an average of more than two data breaches every day. And those data breaches combined have exposed an estimated 11 million records.

Read More

10 Easy Ways To Prevent A Data Breach

prevent data breach
Did you know that there was an average of one data breach every single day in the U.S. last year? That more than 800 million records were exposed in data breaches last year? Or that the average cost of a data breach is now a staggering $3.5 million?

These are not statistics you want to be part of or costs you want to incur. So remember the following tips as part of your breach prevention program:

Read More

Anatomy Of A Security Breach: Target

Target security breach 2013It’s not often we get a chance to attend a security breach postmortem — a step-by-step, hack-by-hack, mistake-by-mistake account of what went so horribly wrong. The U.S. Commerce Department recently presented their report into all the mistakes Target made, and which could have avoided, in its recent massive data breach.

The report provides what’s referred to as an “intrusion kill chain” that highlights all the places Target had a chance to spot the breach and stop it. But missed. For example:

  • The hackers were able to identify a potential Target vendor or supplier to exploit because Target made such a list publicly available. That was the starting point for the hackers.
  • The vendor targeted had very little security in place. The only malware defense they appeared to have used to protect their business was free software meant for personal and not business use.
  • The vendor’s employees had received little if any security awareness training, and especially on how to spot a phishing email. So the hackers used a phishing email to trick at least one of those employees into letting them in the back door.
  • Once in the vendor’s systems, the hackers were able to use stolen passwords without the need for authentication because Target did not require two-factor authentication for low-level vendors.
  • The hackers are suspected of gaining further access from the vendor by using a default password in the billing software the vendor used. If the default password had been changed, the attack might have stopped right there.
  • There were few controls in place to limit access the vendor had on the Target network. Once the vendor had been compromised, Target’s entire networks were exposed.
  • When the hackers installed their Point of Sale malware on Target’s networks and began testing the malware, that activity was detected by Target’s security systems but the alarms were simply ignored.
  • When the hackers created an escape route and began moving the stolen data off Target’s networks, that activity triggered alarms too but once again, the alarms were ignored.
  • Some of the data was moved to a server in Russia, an obvious red flag for Target security which once again was missed.
  • The login credentials of the vendor were used throughout the attack, yet Target’s security system wasn’t able to detect that those credentials were being used to perform tasks they weren’t approved for.

We keep saying that every business large and small has important lessons to learn from Target. Don’t waste the opportunity. Double-check your own security and see if there are any obvious gaps you haven’t spotted but need to be sealed. Need help? Give SiteLock a call any time, 24/7/365, at 855.378.6200.

Google Author: Neal O’Farrell

POS Malware

Big Brands Defenseless Against POS Malware

2014 could go down as one of the most significant years in the world of cybersecurity, and malware in particular. It wasn’t just the small window that revealed data breaches at Target, Neiman Marcus, Michaels Craft Stores and potentially dozens of other retailers. Nor was it the fact that this explosion in data breaches could all be the work of a seventeen-year-old.

Read More

2013 Target Breach Exposes Much More Than Data

target data breachAs we continue to dissect the massive data breach at Target, we’re going to learn lots of lessons. But probably the biggest lesson you can take away from it is that if it can happen to Target, it can certainly happen to you. Even if it’s on a much smaller scale, it could still be big enough to matter to you.

Read More

12 Simple Steps to Data Protection

Did you know that there has been an average of more than one reported data breach in the U.S. every single day for each of the last five years? And that’s only the reported data breaches. The number of unreported or undiscovered data breaches could be ten times, even one hundred times that number.
Those data breaches combined have exposed more than 4.2 billion records, and some studies have found that more than 80% of those breached records have included Social Security numbers.

Read More

Page 4 of 4

Powered by WordPress & Theme by Anders Norén