Major corporations and retailers continue to experience data breaches despite the lessons learned in marquee attacks.
It has been nearly five years since one of the world’s largest retailers experienced a system data breach that exposed the personal information and credit card details of nearly 110 million customers. While much was learned from the details surrounding this incident, some key findings highlight measures worth considering in any organization’s cyber security plan:
Harden Fringe Access Points
To gain initial access, an email phishing campaign targeted a third-party HVAC contractor who had access to corporate networks through the retailer’s vendor portal. Once the attacker had access to this fringe network access point, they were able to navigate the network and stage the next steps of their attack.
Takeaway: Any organization that allows third-party vendors or partners to access corporate networks – be it via cloud connections or while working on-site – needs to require that partners follow its cyber security protocols, and must include fringe access points in its overall Cyber Security Plan. Fringe access points include audio-visual systems and networks used for video conferencing and meeting room collaboration, which are sometimes connected directly to the internet rather than placed behind a firewall.
Ensure Real-time Intrusion Detection
The compromised contractor in the incident may have utilized a free version of malware detection software which did not provide real-time intrusion detection.
Takeaway: Free and other scan-on-demand malware detection solutions that don’t automatically update or access worldwide threat profiles are a security risk. A legitimate Intrusion Detection System (IDS) needs to access up-to-date, global threat profiles in real time.
Ensure both Internal and External Threat Detection & Prevention
Once the corporate network was compromised, the attacker was able to execute malicious code within the network that spread until it reached the retailer’s POS systems and sensitive customer data. While the retailer did employ a tool that noticed the suspicious activity within their network, the system didn’t immediately thwart the activity, and the retailer’s teams seemed to ignore the warnings.
Takeaway: A successful cyber security Intrusion Prevention System (IPS) needs to identify and prevent malicious behavior both outside and within the network.
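As an added illustration of the internal detection-and-prevention point above (example code written for this article, not a tool the retailer or any vendor used), the check below runs over constructed flow records and flags traffic that reaches the POS segment from any source not on the POS allow list, then escalates a repeat offender from an alert to a block. The network segments and sample flows are assumptions chosen for the example.

```python
import ipaddress
from collections import Counter

# Segments are assumptions for this example, not addresses from the article.
POS_SEGMENT = ipaddress.ip_network("10.200.0.0/16")        # point-of-sale hosts
ALLOWED_TO_POS = [ipaddress.ip_network("10.10.0.0/24")]    # POS management hosts only
VENDOR_SEGMENT = ipaddress.ip_network("10.50.0.0/16")      # third-party vendor portal

# Constructed sample flow records: (timestamp, src_ip, dst_ip, dst_port).
SAMPLE_FLOWS = [
    ("2024-03-01T09:02:11", "10.50.3.21", "10.10.0.5", 443),    # vendor -> portal: fine
    ("2024-03-01T09:04:40", "10.50.3.21", "10.200.7.12", 445),  # vendor -> POS: violation
    ("2024-03-01T09:05:02", "10.10.0.5", "10.200.7.12", 443),   # mgmt -> POS: allowed
    ("2024-03-01T09:06:13", "10.50.3.21", "10.200.7.13", 445),  # vendor -> POS again
]


def is_allowed_to_pos(src_ip):
    """True when the source sits in a segment permitted to talk to POS hosts."""
    return any(src_ip in net for net in ALLOWED_TO_POS)


def find_pos_violations(flows):
    """Return flows that reach the POS segment from a source outside the allow list."""
    violations = []
    for ts, src, dst, port in flows:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst_ip in POS_SEGMENT and not is_allowed_to_pos(src_ip):
            origin = "vendor-segment" if src_ip in VENDOR_SEGMENT else "internal"
            violations.append({"ts": ts, "src": src, "dst": dst, "port": port, "origin": origin})
    return violations


def prevention_actions(violations, threshold=2):
    """IPS behaviour: alert on a first violation, block once a source repeats it."""
    counts = Counter(v["src"] for v in violations)
    return {src: ("block" if n >= threshold else "alert") for src, n in counts.items()}


if __name__ == "__main__":
    found = find_pos_violations(SAMPLE_FLOWS)
    for v in found:
        print(f"{v['ts']} {v['src']} -> {v['dst']}:{v['port']} ({v['origin']})")
    print(prevention_actions(found))
```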