Home Depot Involved in Major Security Breach
Home Depot is the latest retail company to suffer a major security breach, involving the data of tens of millions of customers from the US and Canada. Information from customers who have used their credit or debit cards since April 2014 has been compromised, but the retailer is assuring customers that they will not be held responsible for any fraudulent charges on their accounts.
Home Depot alone has over 2,200 stores, and it is speculated that this breach is even bigger than last year’s Target security breach, whose costs have reached millions in damages and are still being reported.
“There will be more cyber-hacks coming in the next months”, Giuseppe Trotta, IT Security Researcher and Instructor, said. “Many companies do not take security seriously until they become targets themselves.”
Home Depot Identity Protection Program
Home Depot is offering free identity protection as well as free credit monitoring services to those who are affected by the possible breach. They advise shoppers to closely monitor their payment card transactions and report unusual activities to their issuing banks.
Strengthening an IT Network
“We are safe, we have a Web Application Firewall and Network Firewall set up!” – This is common thinking at many companies and organizations, and sadly it is not enough. The idea says a lot about the lack of knowledge and awareness in defending an IT system.
To some, firewalls are just a matter of being compliant with general rules, but compliance doesn’t make you 100% safe. No matter how “high tech” the security mechanisms are, they can be broken if they are misconfigured, not updated, or simply not designed to do what the security team wants them to do.
On top of the IT security set-up, it is critical that employees have a solid background in network security. Security personnel and their managers should use regular penetration tests to ensure that their devices are working properly and are suitably configured.
Importance of Penetration Tests
Conducting a penetration test has several interesting aspects. One of them is that it identifies vulnerabilities in an existing system that already has security measures in place. Penetration testers think like hackers but with the purpose of finding flaws in the system. The more skilled a penetration tester is, the better.
Furthermore, it is not only a “capture the flag” scenario where weaknesses are simply exposed. Assessing the vulnerabilities identifies which vectors were used to gain access to the compromised system and thus recreates the attack chain. This validates the security measures and prevents similar attacks from happening in the future.
This recent security breach emphasizes that IT network security is very important. No one is truly secure, but you can regularly strengthen the system to prevent your company from becoming an easy target.
Giuseppe Trotta is a security researcher and instructor at eLearnSecurity. He is the main developer of the Hack.me project, and he is also involved in the management of Hera lab virtualization infrastructures.