Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Target credential theft highlights third-party vendor risk

Antone Gonsalves | Feb. 3, 2014
Target's disclosure that credentials stolen from a vendor were used to break into its network and steal 40 million credit- and debit-card numbers highlights the fact that a company's security is only as strong as the weakest link in its supply chain.

BMC has denied that its software was used in the break in.

The hackers also managed to infect another system and steal personal data, such as email addresses and phone numbers, for 70 million people before Target shutdown the breach December 15, almost three weeks after the hackers planted malware in the POS systems.

The integration of so much technology in a large corporation makes it nearly impossible to plug every hole, Murphy said.

"The interconnectivity of this stuff makes it so supremely difficult to find (the vulnerability)," Murphy said.

So, a good risk management strategy would identify the most valuable information in an organization and regularly check the security in every system that could be used to gain access to that data, she said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.