The Potential Impact of Point-of-Sale Compromises for Business Continuity Planning
Brian Krebs reported on September 2, 2014 that The Home Depot was the victim of a massive data breach, in which credit card numbers were stolen in large numbers. The Home Depot responded by posting a message claiming that they were investigating the issue. As of today (September 8, 2014) that message has not been updated, assuming that a breach has not yet been determined. However, at the same time. Krebs is already providing information about the exact type of malware used to conduct the heist.
What is very interesting, by lack of a better term, is that this is yet another attack against the point-of-sale infrastructure of a large retail chain. In fact, the alleged breach resembles the Target breach of December of 2013 in many different aspects.
A concerning bit there is that we now know that adversaries are willing and able to compromise large retailers at the PoS terminals in their brick-and-mortar stores. So far, these breaches have been focused on stealing credit card data, which makes me believe that it is the work of criminals.
However, if criminal organizations have these capabilities, it is no stretch to also believe that nation states and/or other organizations driven by ideology, rather than by profit, have the same ability. And, for those with a different moral compass than most of us in the West do, rather than quietly stealing information, they could have the ability to shut down entire PoS infrastructures.
The amount of financial damage, as well as the inconvenience, and possibly fear, that an attack against, say, the PoS infrastructure of organizations like Walmart, Target, or Sears can cause is disconcerting, to say the least.
In our incident response planning, we have been focusing on the first class: data theft. But, how well are we prepared for the second one? Malicious destruction of assets is something that we prepare for in business continuity planning, but those plans seems to mostly focus on natural hazards, like earthquakes, floods, hurricanes, fires, civil unrest, etc.
How well are cyber incident response plans aligned with your business continuity plans?
What is very interesting, by lack of a better term, is that this is yet another attack against the point-of-sale infrastructure of a large retail chain. In fact, the alleged breach resembles the Target breach of December of 2013 in many different aspects.
A concerning bit there is that we now know that adversaries are willing and able to compromise large retailers at the PoS terminals in their brick-and-mortar stores. So far, these breaches have been focused on stealing credit card data, which makes me believe that it is the work of criminals.
However, if criminal organizations have these capabilities, it is no stretch to also believe that nation states and/or other organizations driven by ideology, rather than by profit, have the same ability. And, for those with a different moral compass than most of us in the West do, rather than quietly stealing information, they could have the ability to shut down entire PoS infrastructures.
The amount of financial damage, as well as the inconvenience, and possibly fear, that an attack against, say, the PoS infrastructure of organizations like Walmart, Target, or Sears can cause is disconcerting, to say the least.
In our incident response planning, we have been focusing on the first class: data theft. But, how well are we prepared for the second one? Malicious destruction of assets is something that we prepare for in business continuity planning, but those plans seems to mostly focus on natural hazards, like earthquakes, floods, hurricanes, fires, civil unrest, etc.
How well are cyber incident response plans aligned with your business continuity plans?