Target Data Breach

How did they pull it off and how can you safeguard your environment from a similar event?

The Target Stores data breach started by exploiting a vulnerability in an externally facing webserver.  Once inside, hackers took command of an internal server and planted malware on the Point of Sale devices in stores all over the US.  The harvested data was stored internally until the hackers reached back in to grab the millions of credit card account records that were stolen.  More details can be found at http://krebsonsecurity.com/

With the tools available today, how could this event happen?  What can you do to safeguard your environment from a similar incident?

PathMaker Group recommends the following measures:

  1. Assess the overall security posture of your organization.  Our company provides a rapid assessment covering 16 security domains enabling you to understand where you may have major gaps.  We can help you prioritize these gaps to help you to maximize your risk mitigation.
  2. Test your environment (and your website code) for vulnerabilities.  External and internal penetration testing is a necessary starting place, but if you develop your own website code, scanning your application code prior to releasing the system to production is essential as these techniques and tools will surface many more vulnerabilities.  We can help with both of these services.
  3. Leverage security intelligence technologies to correlate and identify suspect events before massive damage can occur.  We can rapidly deploy an industry leading solution for you in a matter of days including setting up a managed service.

For help or more information, please contact PathMaker Group at 817-704-3644

Keith Squires, President and CEO, has been in high demand by the media to add insight to this recent news.  Radio and television news interviews, including CBS National News, are available to view at the following link:

http://www.pathmaker-group.com/home/pathmaker-group-news/

Breach at Target Stores Affect 40 Million Customer Card Accounts

Target suffered a major data breach losing credit, debit and Red card numbers for as many as 40 million customers across 1900 stores in US and Canada. This will go down as one of the largest breaches in recent history and it comes at the worst possible time.  Consumers may have to cancel their cards just they are trying to finish Christmas shopping.  Target says the issue has been resolved. Keep an eye on your accounts and if you see any suspect activity, cancel your card right away.

Are you doing everything you can to prevent a breach like this at your company?

Talk to PathMaker Group about our 16 domain security assessment.

http://www.pathmaker-group.com/services/security/assessments/

Learn more about the Target breach at their corporate website

https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca

 

Gartner Identity and Access Management Summit

How Can a Company Guarantee a Successful, Strategic Identity Access Management Program?

The Gartner Identity and Access Management Summit is right around the corner and leaders from all over the world will be coming to try to get this question answered.  Here are a few ideas from our ten years in the industry.

Strategic Identity and Access Management (“IAM”) projects can be difficult and the new challenges with mobile, social, and cloud compound the problem.  Protecting the perimeter is not enough anymore.  Safeguarding identities are the key to a truly secure enterprise.

The industry has seen way too many train wrecks with IAM.  To get beyond basic capabilities and really use IAM systems as a foundation for strategic IT, a company MUST take the time up front to consider the long-term plan.  Near-term, immediate priorities can be solved with client-based single sign-on, basic provisioning, simple roles and audit reports.  But with a short-term (and maybe short sighted) plan, a company can just as easily limit their ability to solve more complex problems.

Read more