Yet another breach. Today it is Michaels Stores that is in the news for having suffered a breach. Tomorrow it will be someone else. We might as well coin the acronym (YAB) now. As we know, breaches happen. Every organization will be breached at one time or another. Because of this, the security community embraces the concept of incident response. In other words, do everything you can to protect your organization from attack, but know that attacks will still get through your defenses. When the attacks do occur, be prepared for incident response with the right people, process, and technology. This is the only way to ensure that breaches are detected promptly, incidents are handled swiftly, and damage is minimized.
A few points that I thought were noteworthy about the Michaels Stores breach:
- There were actually two breaches -- one involving the theft of 3,000,000 credit card numbers at Michaels Stores, and one involving the theft of 400,000 credit card numbers at its Aaron Brothers subsidiary.
- Each breach went undetected on the network for more than eight months. This may seem like a long time, but unfortunately, this is quite common.
- Michaels Stores had said in January that it was investigating a breach, implying that the incident response took three months. Although this also seems like a long time, unfortunately, this is quite common.
- A new retail ISAC (Information Sharing and Analysis Center) will soon be created to facilitate information sharing amongst retail organizations.
- The recent spate of breaches has raised awareness and caused many organizations (retail or otherwise) to thoroughly review their security operations programs and incident response preparedness.
- Many retailers are taking a proactive stance and standing up a formal Security Operations Center (SOC) with a rigorous incident response process.