Last week, Home Depot announced that hackers made off with 53 million customers’ email addresses and payment card data following a breach earlier this year. Here to comment are a number of experts in the information security field. Seculert, Rapid7, and Incapsula are represented.
Aviv Raff, CTO and Co-Founder, Seculert:
“The Home Depot breach shows that there are way too many blind spots to prevent an attack. In this case, the attacker was able to jump from a third-party vendor specific environment to the corporate environment using a 0-day vulnerability in Microsoft Windows. It also took Home Depot over 5 months to detect the attack. If you can not only evade detection on the way in but also LIVE there for five months, it’s more like a blind cavern than a blind spot. This is mainly because Home Depot, like other retailers that have been breached, was more focused on trying to prevent an attack than trying to detect an active compromise. We now see more and more enterprises moving towards early detection of compromised devices within their network before an incident becomes a breach.”
Trey Ford, Global Security Strategist, Rapid7:
“So Home Depot confirmed several things the rest of us should remain aware of. Attackers were inside their organization for five months before detection. The attackers entered with stolen credentials. (They used a vendor’s username and password to log into Home Depot’s network.) Let’s be clear: this is not hacking; this is routine activity that looks like normal behavior. Once inside, the attackers picked up elevated rights to deploy software to point-of-sale systems, just like a systems administrator would, except they deployed specialized malware to do their dirty work.
“Companies and private individuals alike need to sit up and pay attention to how their accounts are being used. Among other things, we need to focus additional energy on detecting compromised accounts, protecting our credentials, and using stronger authentication mechanisms where possible.”
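The pattern Ford describes (a vendor account logging in with valid credentials, then doing administrator-style work such as pushing software to registers) is hard to spot with signature-based tools because every individual event is legitimate-looking. The script below is an added illustration of the account-behaviour detection he calls for; it is not Rapid7's or Home Depot's code. The log layout (`timestamp|account|source|action|target`), the `vendor-` account prefix, the policy table and all log lines are constructed for this example.

```python
"""
Flag a third-party (vendor) account that steps outside its expected scope.

Three checks, each a plain policy rule rather than a malware signature:
  1. a vendor account authenticates to a host other than its own portal
  2. a vendor account performs a privileged action (group change, deployment)
  3. any single account deploys to many distinct endpoints in one log window
Everything below (log format, account names, hosts) is constructed for the
example and is not a real log format or real infrastructure.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Assumed policy: vendor accounts only talk to their portal and never deploy.
VENDOR_POLICY = {
    "account_pattern": re.compile(r"^vendor-"),
    "allowed_targets": {"vendor-portal"},
    "privileged_actions": {"deploy_package", "add_to_group", "run_as_admin"},
    "fanout_threshold": 3,  # distinct deploy targets before a mass-deploy alert
}

LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\|(?P<account>[^|]+)\|(?P<src>[^|]+)\|"
    r"(?P<action>[^|]+)\|(?P<target>.+)$"
)


@dataclass
class Event:
    ts: datetime
    account: str
    src: str
    action: str
    target: str


def parse(lines):
    """Parse the constructed pipe-delimited format; skip malformed lines."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append(Event(datetime.fromisoformat(d["ts"]), d["account"],
                            d["src"], d["action"], d["target"]))
    return events


def find_account_abuse(lines, policy=VENDOR_POLICY):
    """Return a list of (timestamp, account, reason) alerts."""
    alerts = []
    deploy_targets = defaultdict(set)  # account -> endpoints it deployed to
    for ev in parse(lines):
        # Check 3 applies to every account, vendor or internal.
        if ev.action == "deploy_package":
            deploy_targets[ev.account].add(ev.target)
            if len(deploy_targets[ev.account]) == policy["fanout_threshold"]:
                alerts.append((ev.ts, ev.account,
                               f"mass deployment to {policy['fanout_threshold']} endpoints"))
        if not policy["account_pattern"].match(ev.account):
            continue
        # Checks 1 and 2 apply only to vendor accounts.
        if ev.action in policy["privileged_actions"]:
            alerts.append((ev.ts, ev.account,
                           f"privileged action {ev.action} on {ev.target}"))
        elif ev.action == "logon" and ev.target not in policy["allowed_targets"]:
            alerts.append((ev.ts, ev.account,
                           f"logon to {ev.target} outside vendor scope"))
    return alerts


# Constructed sample log: a vendor account drifts from its portal into the
# corporate domain, gains a privileged group, then pushes a package to registers.
SAMPLE_LOG = [
    "2014-01-01T02:13:05|vendor-svc01|10.9.8.7|logon|vendor-portal",
    "2014-01-01T02:20:41|vendor-svc01|10.9.8.7|logon|corp-dc01",
    "2014-01-01T02:31:09|vendor-svc01|corp-dc01|add_to_group|Domain Admins",
    "2014-01-01T03:02:55|vendor-svc01|corp-dc01|deploy_package|pos-register-0114",
    "2014-01-01T03:03:10|vendor-svc01|corp-dc01|deploy_package|pos-register-0115",
    "2014-01-01T03:03:22|vendor-svc01|corp-dc01|deploy_package|pos-register-0116",
    "2014-01-01T08:00:00|jsmith|10.1.2.3|logon|corp-mail",
    "2014-01-01T08:05:00|jsmith|10.1.2.3|deploy_package|pos-register-0200",
    "this line is malformed and is skipped",
]

if __name__ == "__main__":
    for ts, account, reason in find_account_abuse(SAMPLE_LOG):
        print(f"{ts.isoformat()} {account}: {reason}")
```

The internal administrator `jsmith` deploying to one register raises nothing; the vendor account raises an alert at the first step outside its scope, well before the deployment fan-out trips. In practice the policy table would come from the vendor's contract scope, and the alerts would feed a case queue rather than `print`.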
Marc Gaffan, CEO and Co-Founder, Incapsula:
“The latest revelation about Home Depot’s email leaks once again brings to light the vulnerability of passwords. Everyone in IT knows strong authentication is the answer. So why aren’t we rolling it out? There is a general sentiment that implementing strong authentication is difficult, but it’s not anymore. Two-factor authentication is a straightforward replacement for the password and not too complicated to put in place for the IT staff and contractors working on sensitive systems. Once we see broader adoption and implementation of two-factor authentication, we should also see a decrease in data theft.”