IT Security Guru

Thousands hit by Debenhams Cyber Attack

by The Gurus
May 8, 2017
in Editor's News

British high street giant Debenhams has become the latest retailer to be hit by a data breach, as it was reported that thousands have been affected by card-stealing malware.
Around 26,000 customers of the Debenhams Flowers website had personal and financial details, such as payment information, names and addresses, stolen during the breach, which took place between 24 February and 11 April. The hackers had access to the internal systems at Ecomnova, the third-party company that operates the Debenhams Flowers website, which is currently offline.
Organisations that use third-party suppliers must be aware of the security measures in place and must ensure they meet a certain standard. This is the view of Stephen Coty, chief cybersecurity evangelist at Alert Logic, who says, “This really stresses the need to make sure that your third party suppliers are meeting the same security requirements that you have set for your business. Regular audits of your supply chain are recommended, not just accepting a questionnaire as their proof of compliance to your security standard, but actually perform full penetration test and code audit to confirm that the supplier is doing their part to maintain the integrity of your data.”
“It’s an unfortunate fact of life for security teams that an organisation’s data is only as secure as the weakest link in the chain, which is often smaller third-party vendor organizations”, added Dr Anton Grashion, managing director of security practice at Cylance. He continues, saying that “it’s absolutely critical to evaluate information security risk when choosing and onboarding a vendor, as well as to outline minimum security practices and stipulate liability in agreements with those organisations.”
All those who have been targeted have been notified, and customers who have used the florist service are advised to check for correspondence from the company. The Information Commissioner’s Office (ICO) has also been informed.
Commenting further on the news are leading IT security experts from Imperva, Lastline and NuData Security.
Itsik Mantin, director of security research at Imperva, feels hackers stop at nothing to look for flaws in web systems, saying, “vulnerabilities exist in nearly 100% of web applications. Hackers constantly and continuously scan the internet, looking for web applications that don’t have adequate protection.” Itsik also advises that users should “keep a close eye on your bank statements, watching out for anything unusual, or better still, tell your bank and request a new card.”
Marco Cova, senior security researcher at Lastline, believes “every breach reveals data that criminals can use to launch additional attacks, either by the initial attackers or other criminals to whom they sell the compromised data. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets inside corporations. Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications. The blurring of personal and professional use of enterprise assets such as laptops underscores the criticality of protecting organizations from the network core to the outer edges against advanced persistent threats and evasive malware that could be introduced as a result of an infected personal device targeted as a result of a prior data breach. Data breaches provide a distribution hub for malware for years to come.”
Robert Capps, VP of business development at NuData Security, states that, “any breach of personal information is of extreme significance and concern. With just a name and email address, there is an outsized risk to consumers from targeted phishing and malware attacks. Stolen consumer data can be combined with other personally identifiable information (PII) from other hacks and breaches, to amass even more detailed profiles of users that are traded and sold to other hackers and fraudsters. These bundles of data contain much more complete information about specific individuals providing greater opportunities for fraud to take place. For example, with enough data collected from separate breaches, a fraudster can gain access to enough financial and personal information to enable the successful application for a new credit card or loan, or even takeover of an existing consumer financial account.”
He continues, saying, “Behavioural analytics can provide victims of a data breach with an extra layer of protection even after a hack has occurred. We need to put a stop to these fraudsters in an entirely passive and non-intrusive way by building barriers to the fraudsters. We do this by learning how a legitimate user interacts with the online world around them, in contrast to a potential fraudster who uses valid consumer information stolen from intrusions and data breaches. Passive biometric technologies are highly accurate and impersonation resistant, making it possible to predict and prevent fraud from occurring in real-time – without interrupting a user’s experience.
“The only way we are going to stop these breaches is to devalue the data the fraudsters are going after. Passive biometric technology is being used by some large banks and merchants that can verify the true user even when valid stolen credentials are presented. Once these dynamic behavioural authentication solutions are more widespread identity thieves will have a much harder time operating in an environment where the data they go after is useless to them. We look forward to seeing online identity thieves go out of business.”
 
