Editor's Blog and Industry Comments

70 million customers affected by Target data theft

13 January, 2014
Security industry representatives have reacted to the recent Target data theft which could be much deeper than originally thought.


Following the news that the Target data breach affected up to 70 million customers (30 million more than it first thought), Jason Hart, VP Cloud Solutions at SafeNet, believes this is a catalyst for companies to examine their methods of encryption.



According to Jason: “The latest revelations about the Target data breach should serve as another wake up call to the industry, encouraging organisations to think about the way that encryption is implemented. This means reviewing the way in which data is being processed and transmitted by conducting a risk assessment to see if high value data requires encryption in transit as well as at rest.  



“Whilst the payment information taken in the Target breach was encrypted, immediately reducing the impact of the breach, it is clear that data cannot be encrypted in isolation. Right now, companies encrypt to be compliant with numerous data breach regulations, such as PCI-DSS. However, as with most compliance regulations, PCI-DSS only mandates a lowest common denominator-level of security and more protection is required. Organisations now need to move beyond basic regulations and ensure that they are securing data throughout its whole lifecycle. This means securing data at the application layer (such as point-of-sale terminals), while it is in transit or motion, and when it is stored.



“With hacking attempts becoming almost a daily occurrence, it’s clear that being breached is not a question of “if” but “when”. So companies need to ensure they are taking the necessary precautions. This means using best practice data protection – authentication, encryption and key management – to guarantee that data is effectively useless when it falls into unauthorised hands.



“One of the most common mistakes that organisations make is storing the encryption key in an insecure manner, thus exposing sensitive information to significant risk. Therefore, only those companies that encrypt all valuable data and apply tamper-proof and robust controls to the management of the keys, can be safe in the knowledge that their data is protected whether or not a security breach occurs.”



Lamar Bailey, director of security R&D at Tripwire, added: "It’s interesting, I see a lot of data about the higher number of customers affected but not much about the data types that were breached, and that is the bigger concern. Reports this morning revealed that customer names, physical addresses and email addresses were stolen. If this is indeed the case the breach was much deeper than originally suspected and it probably affects the website along with the brick and mortar stores."

