Security experts from Splunk and HP Data Security commented on the latest news that Chinese hackers breached LoopPay, a subsidiary of Samsung that contributes to its new mobile payment system. The hackers had been inside LoopPay’s system for five months before the company discovered them in late August.
[su_note note_color=”#ffffcc” text_color=”#00000″]Mark Bower, Global Director of Product Management for HP Data Security :
“No one is free from breach risk. If you store, process and collect sensitive data, especially payments and personal data, your business is on the radar of attackers, period.
Forensics are a powerful tool to discover the extent of a breach, but by then the data is long gone. Any company today has to assume a breach will happen and take more advanced threat mitigation measures. The payments business has learned the lesson hard over the years, and embraced far more powerful approaches to data security than traditional perimeter and storage encryption provides.
Today, the best-in-class businesses secure the data itself, not just the infrastructure, securing billions of transactions representing trillions of dollars in value with new technologies like Format-Preserving Encryption and stateless tokenization. The result is they don’t keep any live data anywhere it can be stolen. This is a huge shift from older perimeter or disk and database encryption approaches which simply can’t withstand advanced attacks like those reported in this case.”[/su_note]
[su_note note_color=”#ffffcc” text_color=”#00000″]Haiyan Song, SVP of Security Markets, Splunk :
“Time and again, we see attackers able to lurk undetected in organizations’ networks for several months. Today’s news reinforces the need to utilize data science and machine learning for automated analysis and fast access to forensic data to detect these low and slow breaches. Our best defense and means for minimizing impact on business is differentiating between normal and abnormal activities. When companies analyze user behavior and know normal activity patterns, they can quickly spot the potentially threatening behavior and ultimately contain the impact of a breach.”[/su_note]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.