Target Breach Takeaway: Secure Your Remote Access - InformationWeek
IoT
IoT
Remote Access
Commentary
2/10/2014
10:00 AM
Lori MacVittie
Lori MacVittie
Commentary
RELATED EVENTS
How to Talk to Your Management about IT Security
Aug 30, 2017
This webinar will bring you some new methods for describing and measuring your cybersecurity initi ...Read More>>

Target Breach Takeaway: Secure Your Remote Access

Yes, attackers could use stolen credentials to get into your systems from a distance. But slamming the door is not the answer.

The percentage of respondents to our 2013 Strategic Security Survey who say controlling remote access is a problem jumped 11 points year-over-year.
The percentage of respondents to our 2013 Strategic Security Survey who say controlling remote access is a problem jumped 11 points year-over-year.

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
hho927
50%
50%
hho927,
User Rank: Ninja
2/10/2014 | 2:02:28 PM
Re: Lack of security at Target
I work in IT. I know some IT people are lack of security training or simply lazy. They just want to make it work, Always try to take an easy route. The easy way is giving full access to accounts.

Why a HVAC account was allowed to access POS systems? Plus permission to install software? It has no role in that area.

If you work in IT, you have the right to say no. My managers often whine about access. I simply said no. If you have no role in that area why do i give you access?
edyang73
100%
0%
edyang73,
User Rank: Strategist
2/10/2014 | 1:57:59 PM
Tokenizing individual data
While credit card numbers have been tokenized for encryption, there's now the ability to tokenize inidividual pieces of data far beyond just 16 digits. All the way to files MB and GB in size. This means even if a server is breached, it's mathematically impossible to break the individual MicroTokenized files. 

http://multichannelmerchant.com/ecommerce/mass-retail-data-breaches-can-now-prevented-certainstores-microencryption-27012014/#_
majenkins
50%
50%
majenkins,
User Rank: Ninja
2/10/2014 | 1:25:01 PM
Re: Lack of security at Target
Fire the IT department????????? The entire IT department did not make the decisions that allowed the access you describe. In fact it may not have been anyone in IT that did. Often business users, managers, over ride the controls that IT wants to put in place.
hho927
50%
50%
hho927,
User Rank: Ninja
2/10/2014 | 12:08:22 PM
Lack of security at Target
You hit it on the head. Target can blame no one but itself. Why a HVAC account allowed to install software? This account should have only read access. Why a HVAC account could access POS? First Target gave to much priviledges to that account and there was no security audit at target. Target simply sux. They should fire their IT dept.
<<   <   Page 2 / 2
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll