In response to news that the fast-casual restaurant chain PDQ disclosed a yearlong data breach in which hackers likely “gained entry through an outside technology vendor’s remote connection tool” and compromised customer payment card data, experts with NuData Security and OneSpan offer perspective.
Robert Capps, Vice President of Development at NuData Security:
“PDQ has been impacted from a vulnerability in one of their third-party providers’ system, proving once more that cybersecurity doesn’t depend on one company only but on the full chain of companies involved in providing a service.
“Bad actors constantly look for this weak link to steal data that it’s later used for account takeover and other types of fraud. Once the data is exposed, any company who shares customers with the breached business is at risk of account takeover.
“To avoid post-breach damage, many retailers and eCommerce organizations are turning to multi-layered security strategies that incorporate passive biometrics and behavioral analytics. This approach enables merchants to identify their user’s unique behavior and verify if the user is legitimate or not with pinpoint accuracy – without dependence on static credentials such as names and passwords.
These new solutions are protecting companies and customers from post-breach damage.”
Christian Vezina, CISO at OneSpan:
“This is another example of a breach happening through an organization’s vendor ecosystem.
“Organizations are increasingly relying on third party vendors for numerous services that are not often at the core of their business. What is important for organizations onboarding suppliers that will have access to their data and systems is to perform a minimum due diligence on them to limit the odds of those vendors being the source of a data breach – and controlling their accesses. We have seen many large breaches in recent times that have been caused by suppliers. The proverbial security chain extends to your supply chain, and someone in there may just be the weakest link you haven’t thought of. Organizations should take the time to review their vendors’ security posture. Many tools and services out there are available to assist in managing vendor risks. When did you last assess the security of your vendors?”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.