And now it is Staples. And before that Kmart. And before that Home Depot. And Cub Foods, and Dairy Queen. List is extremely long, and most of the time the cyber-crooks are using the same exploit package that took down Target. If it seems to you that the security environment has never been worse, you a right. To date in 2013 and 2014 91 retailers have been hacked for customer credit card information. (up from 77 in since September 9!) It seems that there is no way to prevent this exploit, because if there was, we wouldn’t be hearing about this all the time.
And so it is. Everything that I am reading says that 100% prevention is going to be impossible to achieve, that the best defense is a combination of network monitoring and quick response and removal. The early word on Kmart is that this may be the case for them. The breach appears to date from early September, which means that it was caught in less than two months, still a long time but much better than the record for the other major retailers we have heard about this year and last.
If you are a small business using a popular point of sale systems and credit card processing companies, the bad news is that you may be infected already and not even know it. When you find out, after you are contacted by Visa or MasterCard, it will be too late to avoid the fines and loss of reputation and customer trust. To protect yourself you should be working with your IT outsource partner or internal IT staff to start looking for this exploit on your POS system. If they are not up to the challenge, then you might want to find an experienced cybersecurity consultant who can get this project started. Waiting and hoping that everything is ok is going to be a bad strategy for you, and possibly sooner than you believe possible.
ShareOCT
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com