IT Security Guru

Daily News Digest – 16th January 2013

by The Gurus
January 16, 2014
in Opinions & Analysis

The rising figures in the Target data breach have proved that it is important to know what has happened, how it happened and what was taken in such an event.
 
The breach, which was reported in December and suspected to have compromised up to 40 million payment cards, was later suspected to have affected up to 70 million users. A statement from Target, hosted by Brian Krebs, said that this was “uncovered as part of the ongoing investigation.”
 
“As part of Target’s ongoing forensic investigation, it has been determined that certain guest information — separate from the payment card data previously disclosed — was taken during the data breach,” the company said.
 
Krebs said that while much of the data is partial in nature, in cases where Target has an email address, it will attempt to contact affected guests with informational tips to guard against consumer scams.
 
Jason Hart, VP Cloud Solutions at SafeNet, said that the size of this breach should serve as another wake-up call to the industry, especially encouraging organisations to think about the way that encryption is implemented.
 
“Whilst the payment information taken in the Target breach was encrypted, immediately reducing the impact of the breach, it is clear that data cannot be encrypted in isolation. Right now, companies encrypt to be compliant with numerous data breach regulations, such as PCI-DSS. However, as with most compliance regulations, PCI-DSS only mandates a lowest common denominator-level of security and more protection is required,” he said.
 
“Organisations now need to move beyond basic regulations and ensure that they are securing data throughout its whole lifecycle. This means securing data at the application layer (such as point-of-sale terminals), while it is in transit or motion, and when it is stored.”

The other angle around the Target attack and breach was a suspicion that it had in fact affected up to 110 million users. According to Threatpost, Target’s manager of public relations Molly Snyder said that while there may be some overlap between the two groups (of 40 million and 70 million), it did not know the extent.
 
Phil Lieberman, CEO of Lieberman Software, said that the only people that should be concerned are those that used their cards at Target, as there will probably be no material effect on Target or their stock value.

 
“Target will probably provide the required mea culpa and go back to spending a minimum amount of money on IT and security and not really worrying much about the security of their customers (but publicly stating otherwise),” he said.
 
“The common industry practice in retail (and many other industries and services) is to spend the absolute minimum amount of money on security and IT in retail as well as outsource as much of their work as possible to the least cost vendor(s). In security, you generally get what you pay for.”
 
This week it was reported that Target plans to spend $5 million in a multi-year campaign to educate the public on the dangers of scams, working with the National Cyber-Forensics and Training Alliance (NCFTA), National Cyber Security Alliance (NCSA) and Better Business Bureau (BBB). A Target statement said: “Target will learn from the experts at these organisations who best understand the complexities and growing challenges associated with cyber security – particularly phishing scams – and how to educate consumers in trusted, accessible and understandable ways.” 
 
As detailed by IT Security Guru, there was malware on the Target point of sale systems, and this reduces the ability to use the term “attack”. Chris Wysopal, co-founder and chief technology officer of Veracode, suspected that the malware used was likely customised for the type of point of sale terminals that Target uses.

“At least part of Target’s network must be compromised. For the TJ Maxx attack the attackers got in through insecure wireless networks. That’s not likely how they did it here, more likely it was a phishing attack or they got in through an insecure web application,” he said.

I suspect it will be some time before we see the end of this story. We’ve had the announcement of the breach, the delayed announcement of the breach, the stories that it is almost double or treble the number of users affected and the discussion on how it was done. Next it is the challenge of repairing a spiraling problem, undoubtedly pushing the PR team into overdrive and overtime.
