Source: yahoo.news.com
It started right before the holidays, with Brian Krebs’ first report on a 40 mil. financial data breach at Target stores. News followed that a further 70 mil. accounts containing personally identifiable information were also compromised during the heist.
From then on the focus was on how the breach happened, what software was deployed, where Target went wrong and who should take the best part of the blame. Meanwhile, Target offered customers a sign-up for free credit monitoring and identity theft protection and announced it will invest $5 mil. in a brand new cyber security coalition.
But that’s not the end of the problems for the retailer.
Alongside Target, the retail industry is experiencing a surge in cyber attacks and POS malware. The FBI reassures us that it is aware of these attacks and that they are not likely to stop. Compliance is widely criticised, as Target was in fact compliant with the PCI DSS standards and that did nothing to stop these spectacular attacks.
However, the infosec community is looking at the entire story with a shaking head and a look of “I told you so”, because researchers have long stated that compliance does not mean security. Previous incidents at Wal-Mart and Heartland Payment Systems had left an even more embarrassing mark on compliance, as they were certified compliant while their networks were in the process of being hacked.
The implications of these recent hacks are wide and diverse. Banks will tighten their liability policies, payment providers will continue to issue fines for poor cyber security measures, while retailers deal with bad publicity and falling share prices.
This in turn affects economies and market statutes while the customer is left in the middle with the choice of a week’s worth of hassle for cancelling a compromised card and/or the expense of a lawsuit against the retailer.
It seems that all these industries should take a break from trying to only protect themselves and come together for a long-term cooperation strategy centered around the key player: the consumer. As it stands, every industry is furiously trying to escape the responsibility and pass an already irritated and distrustful victim from one institution to another.
This may work for the time being, but will only lead to a deeper lack of trust in a flawed system. There is more to be done to educate, prevent and restore trust, and this will take a cooperative and supportive effort from all the industries if they continue to expect customers to hand over their data.
This was a really good read. I'm British so I don't really know much about Target, but this was a really interesting read nonetheless. Thanks for sharing it.
Thank you! We are glad you liked it. Hope you'll come back again, as there will be more to follow.
I am very impressed to see this blog, this is such a great article and the tips are very comprehensive. I love your article.