Friday, April 18, 2014

Yet Another Breach

Yet another breach. Today it is Michaels Stores that is in the news for having suffered a breach. Tomorrow it will be someone else. We might as well coin the acronym (YAB) now. As we know, breaches happen. Every organization will be breached at one time or another. Because of this, the security community embraces the concept of incident response. In other words, do everything you can to protect your organization from attack, but know that attacks will still get through your defenses. When the attacks do occur, be prepared for incident response with the right people, process, and technology. This is the only way to ensure that breaches are detected promptly, incidents are handled swiftly, and damage is minimized.

A few points that I thought were noteworthy about the Michaels Stores breach:
  • There were actually two breaches -- one involving the theft of 3,000,000 credit card numbers at Michaels Stores, and one involving the theft of 400,000 credit card numbers at its Aaron Brothers subsidiary.
  • Each breach went undetected on the network for more than eight months. This may seem like a long time, but unfortunately, this is quite common.
  • Michaels Stores had said in January that it was investigating a breach, implying that the incident response took three months. Although this also seems like a long time, unfortunately, this is quite common.

Even given the latest breach, the news is not all bad. Although the retail sector provides a financially attractive target for criminals, there are a few promising signs that things will soon improve:
  • A new retail ISAC (Information Sharing and Analysis Center) will soon be created to facilitate information sharing amongst retail organizations.
  • The recent spate of breaches has raised awareness and caused many organizations (retail or otherwise) to thoroughly review their security operations programs and incident response preparedness.
  • Many retailers are taking a proactive stance and standing up a formal Security Operations Center (SOC) with a rigorous incident response process.

These trends indicate to me that, at a high level, we as a community are moving in the right direction. It’s important to remember that there is no silver bullet, and that no one project or piece of advice will address all of an organization’s issues. As always, the right people, process, and technology are the key to a successful security operations program and proper incident response preparedness.
