Posts Tagged “network breaches”

Yesterday we reported on a breach involving 4.2 million credit card numbers at an unnamed retailer. Turns out the retailer is Hannaford Bros. grocery stores. The AP is reporting on the story but has little detail beyond what was available yesterday. Although this is not a breach at the TJX level, the compromise of 4.2 million customer credit card numbers is nothing to take lightly.


Incident response (IR) is a critical responsibility for network security analysts and system administrators. Anyone operating a network should have an incident response plan in place so that when a network breach occurs everyone involved knows their roles and responsibilities. If a plan is not in place (or, nearly as bad, the employees have not been trained to execute the plan), a simple incident can quickly be blown out of proportion and cause damage to the reputation of the organization and its employees.

To most people, IR means a call to action when a new threat emerges or the network is breached (broken into). Most people think of IR solely in this capacity, but responding to an event or incident is too complex to lump into a single category. This article extends the IR concept by breaking the traditional “response” component into three separate areas:

  1. Response: the initial set of actions taken by system administrators and security analysts to assess the situation and stop the incident from spreading.
  2. Recovery: this step involves getting affected machines back online and returning to regular operations.
  3. (Public) Relations: even after the incident is contained and corrected, there may be PR fallout from the incident. This step is overlooked almost universally.


Breach Security Labs released a report containing some interesting statistics about web attacks in 2007. The entire report can be found on the Breach Security Network website (unfortunately, free registration is required). Dark Reading also has a summary of the report, although they felt 67% didn’t sound as good as 70%, so they rounded up in the article title.

This report backs up what we have been reporting on in BreachBytes: more and more hacks and breaches are motivated by money. Andy weighed in on this trend with his excellent write-up on the rise of organized crime in cybersecurity. I wrote about the subject most recently in my post on the motivations of modern hackers. Danny Quist from Offensive Computing noted in a comment that I should have had money as the #1 motivation and not #2. He was right.


New Year’s is a time of reflection and preparation: reflection on the year ending and preparation for the year beginning. This year I thought I would share my New Year’s resolutions as they relate to my job as a security vendor:

  1. Go easy on the jargon. I will do my best not to say “IDS” and “PCI” and instead say “Intrusion Detection System” and “Payment Card Industry”.
  2. Be straightforward. Customers don’t have much spare time and I will do a better job of getting to the point. I will tell customers what they need to know and nothing more.
  3. Give users tools they want. Flashy interfaces may sell initially but what makes products stick is utility. I will focus on making software that makes security analysts more effective in their jobs.
