Some weeks ago on the PandaLabs Blog, our colleagues discussed the massive data breach at the US company the Target Group.
On December 18 last year, the company reported that hackers had stolen the credit and debit card details of some 40 million shoppers who visited the group’s stores between November 27 and December 15, 2013.
At the time, Target did not clarify how the attack was perpetrated, although as we have since discovered, it would seem that that company had been somewhat negligent, and failed to heed the warnings of its own security firm.
Some months before the attack, FireEye identified suspicious actions on the part of the hackers on numerous occasions, yet Target failed to take any action.
How to prevent data theft in your company
POS terminals are a highly prized target for criminals. That’s why your security solution must:
- Prevent the running of software: Only trusted processes must be permitted to run.
- Identify vulnerable applications, warning you of any software that requires updating.
- Control the behavior of allowed processes, should there be an attempt to exploit a vulnerability in a trusted process.
- Traceability: If an incident occurs, your solution must offer as much information as possible in order to answer four basic questions: since when has the intrusion occurred, which users have been affected, what data has been accessed and what has been done with it, as well as knowing how and from where the attack was launched.
This case, along with many others like it, have shown how important security is for a business to operate correctly. Failing to take it seriously can have major consequences for your business.