The Hannaford hack: what we can learn from it

Most people have heard of by now the recent high-profile data security breach with retail chain Hannaford Bros. According to an article published by SC Magazine (http://www.scmagazineus.com/Hannaford-tells-regulators-how-breach-happened/article/108569/) hackers placed hidden malware on nearly 300 servers to intercept transactions.

 

This malware was designed to locate and discover credit card information from consumers who interacted with the stores, thus, these hackers untimely harvested 4.2 million credit card numbers over a period of 3 months.

 

What a knock-out that was!

 

The question we have to ask is why didn’t their current anti-virus / anti-malware solution not detect the malware for 3 months? That’s a great question; most people today are living under the assumption that they are well protected from the dangers of the Internet just because their AV solution say’s it’s up to date and that they have enabled their firewalls.

 

Its unfortunate the traditional signature based anti-malware model is crumbling under the shear force of numbers (the rapid pace of new malware created daily). Thus, the industry has to take a holistic approach to solving this problem by using many different layers including proactive technologies.

 

Ideally if a proactive approach were taken to continuously monitor critical assets the situation could have potentially been avoided altogether. In closing this is a very real example of how even the most thought to be secure environment can be breached by hackers who have the drive and spirit to commit financial fraud. Let our lesson be learned.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: