
What CIOs can learn from the biggest data breaches

John Brandon | Nov. 13, 2014
A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers.

Once hackers had the list, they searched for known vulnerabilities for each application until they found a way to break in. They then obtained administrative privileges to gain access to the servers. Then they stole the data. Tendler says analytics tools could have noticed the intrusions at specific times of the day and looked for login anomalies.

Lesson From Target: Find the Most Critical Vulnerabilities

Target became one of the latest victims of a phishing email campaign. Kevin Conklin, a spokesperson for the IT security company Prelert, believes the Target breach was a result of a hacker using authorized login credentials obtained using an email phishing campaign targeting a specific contractor. The credentials allowed the hackers to install a malware program on the POS terminals that read a customer's credit card. All told, the attack compromised 70 million customer accounts and 40 million credit cards.

Conklin says the twist is that Target's security tools detected the breach and issued alerts, but the attackers likely kept manually attempting to log in. It's possible that Target received thousands of these alerts during the attack period. Conklin argues that threat detection tools, including one his company offers, could reduce the damage because they search for more critical anomalies.

Lesson From Home Depot: Well-Configured Firewalls

Most security experts say Home Depot was the victim of a spearphishing attack — a highly specific, targeted ruse that arrives by email and then infects a computer with malware. According to Francis Turner, a product manager for ThreatSTOP, the Home Depot breach, which affected 56 million credit and debit cards, could have involved just one successful attack — and just one employee agreeing to the install. It's also possible this one specific employee was repeatedly spearphished.

Turner says the real hack isn't the intrusion but, rather, the fact that the malware could "call home" and carry out further instructions. Firewalls configured to block both incoming and outgoing attacks would have helped, he adds.

 
