Expert Comments

Experts Reacted On Retail Giant Kroger Data Breach

Expert(s):
Expert(s):

It has been reported that Kroger Co. has announced it was among the victims of a data breach involving Accellion’s file-transfer service. The company believed that only 1% of its customers were affected and are being notified of the breach. Kroger said it was among victims of the December hack of a file-transfer product called FTA developed by Accellion, and that it was notified of the incident on 23 January, when it discontinued the use of Accellion’s services. Commenting on the news are the following cybersecurity experts:

Experts Comments

Dot Your Expert Comments
Amit Sharma
February 24, 2021
Security Engineer
Synopsys Software Integrity Group

One of the most substantial security challenges organisations currently face is how to manage their legacy products.
One of the most substantial security challenges organisations currently face is how to manage their legacy products. They may be built using older technologies and sometimes lack the security features that come with new languages and frameworks. Organisations should enforce their application security governance, risk, and compliance (GRC) policies on the portfolio of products they employ. This includes applying individual risk ratings to each application based on criteria including (but not
.....Read More
One of the most substantial security challenges organisations currently face is how to manage their legacy products. They may be built using older technologies and sometimes lack the security features that come with new languages and frameworks. Organisations should enforce their application security governance, risk, and compliance (GRC) policies on the portfolio of products they employ. This includes applying individual risk ratings to each application based on criteria including (but not limited to) the size of the customer base using the application, prevalence of application usage, whether the application is internet facing, the type of data it collects, and how that data is handled/stored, etc. From there, security controls need to be defined and applied as per the risk ratings that they imply.
 

Proper validation of these controls should be applied using a defense-in-depth strategy to protect critical data. In other words, implementing multiple layers of security controls throughout the application’s software development life cycle. Additionally, a vulnerability management policy should be in place to identify and eradicate existing vulnerabilities which may surface in the future as the world of application security and cybersecurity evolves."

  Read Less
Martin Jartelius
February 22, 2021
CSO
Outpost24

It’s been a month from becoming aware of the breach to this wider disclosure, but it seems it’s been hard to establish who has been affected at all.

It’s been a month from becoming aware of the breach to this wider disclosure, but it seems it’s been hard to establish who has been affected at all – leaving the company with the very tough decision on who to inform, and a challenge of meeting the timeliness of doing so.

Trevor Morgan
February 22, 2021
Product Manager
comforte AG

The real solution to this problem for all companies is to reconsider just how data-centric their security posture really is.

One interesting aspect of data security incidents is that they aren’t necessarily one-off events. Given that many enterprises depend on the same tools or software within their IT infrastructures, when a vulnerability in a core tool is exposed, a domino effect of incidents takes place as various organizations announce the effect on them and their customers.

 

This is the case with the ongoing Accellion file-transfer breach. Kroger is the latest organization to announce that it was affected by

.....Read More

One interesting aspect of data security incidents is that they aren’t necessarily one-off events. Given that many enterprises depend on the same tools or software within their IT infrastructures, when a vulnerability in a core tool is exposed, a domino effect of incidents takes place as various organizations announce the effect on them and their customers.

 

This is the case with the ongoing Accellion file-transfer breach. Kroger is the latest organization to announce that it was affected by this incident. By all accounts, when they became aware of the situation back in January, they ceased usage of the software in question and have performed their due diligence in analyzing the scope of their exposure and notifying customers accordingly. While they believe that less than 1% of their customers were affected, that’s still too many people whose personal, sensitive information may be compromised.

 

The real solution to this problem for all companies who process and retain customers’ sensitive information is to reconsider just how data-centric their security posture really is. Are their protection methods enforcing borders and perimeters around stored data, or are they protecting the data itself? Data-centric security such as tokenization and format-preserving encryption obfuscates sensitive information so that even if it falls into the wrong hands, the sensitive meaning cannot be derived. Peoples’ identities are not exposed, and the data becomes worthless to threat actors. Situations like this one should make any conscientious enterprise stop, investigate, and determine whether its most sensitive data is really protected enough to prevent exposures like this.

  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Expert Commentary On 30,000 Macs Infected With New Silver Sparrow...

Response Comment: Half Of Businesses Suffered A Cyber-Attack In Last...

Expert Reaction On Google’s Password Checkup Feature Expanding For Android...

Expert Comments On Secondary Extortion Attacks

Cybersecurity Expert Shares Top Takeaways Amid SolarWinds Hearing

Security A Glaring Issue For Chatroom App Clubhouse After Conversations...

Parents Alerted To Nurserycam Security Breach – Experts Comments

How Can Consumers Better Protect Their Finances From Bad Actors...

Experts Insight On ‘Silent Stealing’ New Cyber Crime Phenomenon

Expert Reaction On UK Cyber Security Attracts Record Investment