Target Breach Takeaway: Secure Your Remote Access - InformationWeek
IoT
IoT
Comments
Target Breach Takeaway: Secure Your Remote Access
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
hho927
50%
50%
hho927,
User Rank: Ninja
2/10/2014 | 2:02:28 PM
Re: Lack of security at Target
I work in IT. I know some IT people are lack of security training or simply lazy. They just want to make it work, Always try to take an easy route. The easy way is giving full access to accounts.

Why a HVAC account was allowed to access POS systems? Plus permission to install software? It has no role in that area.

If you work in IT, you have the right to say no. My managers often whine about access. I simply said no. If you have no role in that area why do i give you access?
edyang73
100%
0%
edyang73,
User Rank: Strategist
2/10/2014 | 1:57:59 PM
Tokenizing individual data
While credit card numbers have been tokenized for encryption, there's now the ability to tokenize inidividual pieces of data far beyond just 16 digits. All the way to files MB and GB in size. This means even if a server is breached, it's mathematically impossible to break the individual MicroTokenized files. 

http://multichannelmerchant.com/ecommerce/mass-retail-data-breaches-can-now-prevented-certainstores-microencryption-27012014/#_
majenkins
50%
50%
majenkins,
User Rank: Ninja
2/10/2014 | 1:25:01 PM
Re: Lack of security at Target
Fire the IT department????????? The entire IT department did not make the decisions that allowed the access you describe. In fact it may not have been anyone in IT that did. Often business users, managers, over ride the controls that IT wants to put in place.
hho927
50%
50%
hho927,
User Rank: Ninja
2/10/2014 | 12:08:22 PM
Lack of security at Target
You hit it on the head. Target can blame no one but itself. Why a HVAC account allowed to install software? This account should have only read access. Why a HVAC account could access POS? First Target gave to much priviledges to that account and there was no security audit at target. Target simply sux. They should fire their IT dept.
<<   <   Page 2 / 2


How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll