Expert Comments

Experts Reacted On Retail Giant Kroger Data Breach

Expert(s):
Expert(s):

It has been reported that Kroger Co. has announced it was among the victims of a data breach involving Accellion’s file-transfer service. The company believed that only 1% of its customers were affected and are being notified of the breach. Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, and that it was notified of the incident on 23 January, when it discontinued the use of Accellion’s services. Commenting on the news are the following cybersecurity experts:

Experts Comments

Dot Your Expert Comments
Amit Sharma
February 24, 2021
Security Engineer
Synopsys Software Integrity Group

One of the most substantial security challenges organisations currently face is how to manage their legacy products.
One of the most substantial security challenges organisations currently face is how to manage their legacy products. They may be built using older technologies and sometimes lack the security features that come with new languages and frameworks. Organisations should enforce their application security governance, risk, and compliance (GRC) policies on the portfolio of products they employ. This includes applying individual risk ratings to each application based on criteria including (but not
.....Read More
One of the most substantial security challenges organisations currently face is how to manage their legacy products. They may be built using older technologies and sometimes lack the security features that come with new languages and frameworks. Organisations should enforce their application security governance, risk, and compliance (GRC) policies on the portfolio of products they employ. This includes applying individual risk ratings to each application based on criteria including (but not limited to) the size of the customer base using the application, prevalence of application usage, whether the application is internet facing, the type of data it collects, and how that data is handled/stored, etc. From there, security controls need to be defined and applied as per the risk ratings that they imply.
 

Proper validation of these controls should be applied using a defense-in-depth strategy to protect critical data. In other words, implementing multiple layers of security controls throughout the application’s software development life cycle. Additionally, a vulnerability management policy should be in place to identify and eradicate existing vulnerabilities which may surface in the future as the world of application security and cybersecurity evolves."

  Read Less
Martin Jartelius
February 22, 2021
CSO
Outpost24

It’s been a month from becoming aware of the breach to this wider disclosure, but it seems it’s been hard to establish who has been affected at all.

It’s been a month from becoming aware of the breach to this wider disclosure, but it seems it’s been hard to establish who has been affected at all – leaving the company with the very tough decision on who to inform, and a challenge of meeting the timeliness of doing so.

Trevor Morgan
February 22, 2021
Product Manager
comforte AG

The real solution to this problem for all companies is to reconsider just how data-centric their security posture really is.

One interesting aspect of data security incidents is that they aren’t necessarily one-off events. Given that many enterprises depend on the same tools or software within their IT infrastructures, when a vulnerability in a core tool is exposed, a domino effect of incidents takes place as various organizations announce the effect on them and their customers.

 

This is the case with the ongoing Accellion file-transfer breach. Kroger is the latest organization to announce that it was affected by

.....Read More

One interesting aspect of data security incidents is that they aren’t necessarily one-off events. Given that many enterprises depend on the same tools or software within their IT infrastructures, when a vulnerability in a core tool is exposed, a domino effect of incidents takes place as various organizations announce the effect on them and their customers.

 

This is the case with the ongoing Accellion file-transfer breach. Kroger is the latest organization to announce that it was affected by this incident. By all accounts, when they became aware of the situation back in January, they ceased usage of the software in question and have performed their due diligence in analyzing the scope of their exposure and notifying customers accordingly. While they believe that less than 1% of their customers were affected, that’s still too many people whose personal, sensitive information may be compromised.

 

The real solution to this problem for all companies who process and retain customers’ sensitive information is to reconsider just how data-centric their security posture really is. Are their protection methods enforcing borders and perimeters around stored data, or are they protecting the data itself? Data-centric security such as tokenization and format-preserving encryption obfuscates sensitive information so that even if it falls into the wrong hands, the sensitive meaning cannot be derived. Peoples’ identities are not exposed, and the data becomes worthless to threat actors. Situations like this one should make any conscientious enterprise stop, investigate, and determine whether its most sensitive data is really protected enough to prevent exposures like this.

  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords

Expert Reaction On Go Is Becoming The Language Of Choice...

Experts On Google Voice Outage

Expert Reaction On GCHQ To Use AI In Cyberwarfare

Comment: Hackers Break Into ‘Biochemical Systems’ At Oxford Uni Lab...