Criminal group FIN6, which targets Point of Sale systems has managed to steal data on over 20 million credit cards in one singular attack, which, when sold through its card shops, pocketed the group over $400 million, reports FireEye. Here to comment on this news is security expert Philip Lieberman, President of Lieberman Software.
Philip Lieberman, President of Lieberman Software:
“The revelation made by FireEye points out the critical need to advance cyber security from a passive activity of trying to detect and catch up to the bad guys, to a new approach of regularly disinfecting systems whether infections can be detected or not. We are now in an era where old IT security practices no longer work, and those companies that cling to them are regularly victimized with unlimited losses. The decision to buy a security solution with a pretty user interface or one from a large company misses the point of finding real effective solutions to prevent these types of losses.
Much of the work we are doing with FireEye and others is to develop methodologies and new technology that removes the possibility of these unlimited credit card losses. In effect, modern security means a closed loop remediation that operates firewalls, end point protection and identity management as a coordinated team to limit land and expand attacks.
We believe that the attack consequences were entirely unnecessary and that this is a fundamental failure of IT to be operated in a modern and hygienic manner that would limit these losses to inconsequential levels. The reason for the loss was most likely not a lack of money to buy technology, but the lack of understanding as to how to create and operate an IT environment that could repel this type of attack. Lieberman Software and FireEye work with many companies to help them mature their approach and achieve better outcomes.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.