It has been reported that Home Depot has experienced a near-record data breach. We are talking 56M debit and credit cards.
In terms of the volume of records exposed, this pushes the breach past Target, which, as you may recall, set the previous mark at 40M credit card records in Q4 2013. Target later put the gross cost of its breach at around $148M, a bill that ultimately landed on its shareholders.
Media outlets glom onto big things, and the bigger the better in most cases. In the wake of a data breach, though, the bigger the number, the worse the breach appears. To some extent this is true, if you measure severity by the number of customers impacted.
However, I'd argue that it doesn't really matter how many cards, and subsequently how many records, are compromised as part of a breach. Any breach of customer data, especially credit card information that directly affects the customer financially, is bad whether it's 5 records or 5,000.
How we measure the severity of a breach shouldn't be based on the total number of records compromised, but that is the default measure we use, simply because the numbers keep getting bigger.
Home Depot shouldn't really be the latest "major breach" poster child. What's unfortunate is that this represents another point-of-sale system compromise, underscoring that attackers go where they know they can operate freely, remain invisible, and compromise weakly guarded endpoints to execute malicious code and take what they want.
POS systems are said to be particularly susceptible to targeted malware, with attacks launched specifically to take advantage of how fragmented and unevenly protected these endpoints are. For example, many POS systems still run Windows XP, which no longer receives security patches, so the tendency is to assume all XP systems are simply insecure. (A practical caveat: Windows XP itself lost support in April 2014, but the POS-specific editions, XP Embedded and POSReady 2009, remained on extended support for years afterward, so check which one a given terminal actually runs.) Yet by many accounts of how Target was breached, the unpatched operating system was not the entry point.
It's believed Target's POS breach happened during an automated patch push outside business hours, through a central server or hub where the malware was staged. Because the centralized hub was what the attackers targeted, every POS endpoint connected to it was affected. That is consistent with the reports that every Target store was impacted: compromise one trusted distribution point, and the endpoints' own patch level no longer matters.
More will surface on what exactly happened at Home Depot. Blame. Costs. What worked, and what didn't. But the volume of credit cards exposed, and subsequently the number of records actually stolen, really should not be the focus of any "brand-name breach."
I'd argue it's potentially more important to determine how to implement better real-time monitoring, extend it across your environment, acquire technology that helps you prioritize threats, and staff it with talented security experts who can drive coordinated response and remediation.
From the practical side, a few things to keep in mind, with respect to learning from these breaches (as more information becomes available) would be:
From an endpoint security perspective, look to a provider who supports Windows XP. Simply put, with the OS patching mechanism no longer in place, IR teams, SOC operators and security analysts should look to endpoint threat detection and response solutions whose vendors regularly update their platforms to cover the gaps XP leaves open. CounterTack's Sentinel supports XP; contact us.
Depending on your specific needs, levels of expertise or configuration requirements, you may need to enlist the help of a managed security services provider (MSSP) to help monitor, manage and respond to security incidents. If this is the case, find a trusted, experienced provider who can add levels of expertise you don't have internally, and who are good at bundling the right technologies to provide more comprehensive coverage of your environment.