Contributor:
Andrew Avanessian
September 10th, 2014

Home Depot breach builds a case for a Defense-in-Depth approach

This week, Home Depot announced its payment systems had fallen victim to hackers, in what some in the security industry are predicting will be the biggest data breach in history.

The attack, which targeted credit and debit card details of Home Depot customers, originated from malware-infected cash registers and could date as far back as April this year.

Aided by a new variant of the malicious software program, BlackPOS, which stole data from cash registers in Target stores around the US last December, this latest attack siphoned data from cards when they were swiped at infected cash registers running Windows.

The breach sees Home Depot join UPS, P.F. Chang’s and Shaws in an ever-growing list of organizations that have had their point-of-sale systems compromised. The frequency and relative ease with which these breaches are occurring are a worrying trend, and are forcing businesses to take a closer look at their IT infrastructure and reassess how secure it actually is.

What will it take to get ahead of the hackers?

If we take the Home Depot breach and that of Target late last year, it’s clear that the point-of-sale systems have been their downfall. In a number of retailers, payment systems are relatively antiquated: typically they are legacy systems which run on Windows XP, for example, and aren’t subject to regular patching.

In many cases these systems are not connected to a domain under stringent controls and are therefore relatively easy to penetrate. The problem is compounded by payment systems which rely on swiping the credit or debit card, allowing the data to be copied. As the US gradually starts to migrate to chip and PIN technology, the frequency of these breaches should ease, though there are quick and easy steps organizations can take now to prevent them happening in the first place.

A defense-in-depth approach to security is a great starting point when tackling these kinds of threats. For instance, while perimeter technologies like firewalls can protect against certain types of external attack, they cannot block malware that has already found its way onto endpoints within an organization. With a multi-layered security strategy that incorporates solutions like patching, application whitelisting and privilege management, organizations can more effectively protect against the spread of malware, defending their valuable assets and ultimately their reputation.
