What CIOs Can Learn From the Biggest Data Breaches (CIO.com)
We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline.
CIO.com tapped several security professionals to summarize the origins of the top five recent data breaches to affect U.S. firms. There are also lessons to learn from AT&T, Community Health Systems, Experian, Michaels, Neiman Marcus, P.F. Chang's and the UPS Store, among many others.
Lesson From Home Depot: Well-Configured Firewalls
Most security experts say Home Depot was the victim of a spearphishing attack – a highly specific, targeted ruse that arrives by email and then infects a computer with malware. According to Francis Turner, a product manager for ThreatSTOP, the Home Depot breach, which affected 56 million credit and debit cards, could have involved just one successful attack – and just one employee agreeing to the install. It's also possible this one specific employee was repeatedly spearphished.
Turner says the real hack isn't the intrusion but, rather, the fact that the malware could "call home" and carry out further instructions. Firewalls configured to block both incoming and outgoing attacks would have helped, he adds.