Target Corp.’s computer security staff raised concerns about vulnerabilities in the retailer’s payment card system at least two months before hackers stole 40 million credit and debit card numbers from its servers, people familiar with the matter said.
Members of Target’s computer-security staff raised concerns about vulnerabilities in the retailer’s payment-card system before the massive hacking occurred. Danny Yadron has details on the News Hub.
At least one analyst at the Minneapolis-based retailer wanted to do a more thorough security review of its payment system, a request that at least initially was brushed off, the people said. The move followed memos distributed last spring and summer by the federal government and private research firms on the emergence of new types of malicious computer code targeting payment terminals, a former employee said.
via Target Staff Raised Security Concerns Before Data Breach – WSJ.com.
The U.S. government, finally realizing that it has to take action to ensure a minimum level of cybersecurity in networks that manage the nation’s energy, water and financial services, presented the Framework for Improving Critical Infrastructure Security on Wednesday. The document, which was put together by industry and government experts, is a compilation of cybersecurity standards and best practices; it is the result of the year-old Executive Order 13636, under which President Barack Obama directed operators of critical infrastructure to provide guidance for defending their networks.
via U.S. Gives Cybersecurity Advice to Critical Infrastructure Operators—But No Rules – IEEE Spectrum.
When I discuss the insider threat with folks in the community, there seem to be several schools of thought. For example, some will apply a much lower risk to the insider threat, treating it as a one-off chance that an employee gets mad and does something bad out of spite. While this is a possibility, insider threats can run much deeper. We tend to pay attention to events that are in our face, such as an employee gone mad running around with WiFi DoS tools and malware-laced USB thumb drives. This would certainly catch our attention.
via Detecting Snowden – The Insider Threat | Tenable Network Security.