The Challenge of coming clean after a cyber attack ...
I often have both sympathy and respect for any organisation that comes clean after a cyber attack - Carphone Warehouse in my view is in no way any different. While it has been reported that the attack in this instance was discovered on Wednesday and reported yesterday (Saturday), opinion is that the compromise could have happened at least two weeks beforehand.
The challenge for any cyber security professional is keeping your perimeter and outwardly facing services secure in a rapidly ever changing landscape. Where cyber criminals are often using different, interesting and elaborate methods to gain access. The defence that worked last time, won't always work again, it's a tough call.
Reading between the lines (as one can only guess what has taken place), someone or some system finally spotted unusual behaviour on the system. Transactionally or in terms of server logs and traffic behaviour. The most ubiquitous form of attack is slow and patient - not pulling the whole resource, instead trickling out the data under the radar.
In the case of Carphone Warehouse and their owners at Dixon - they have a great deal of work to do. Communicating with their customers, evaluating the extent of the incursion and changing their security mechanisms. As well as learning what actually happened and working with law enforcement.
While the public may see this as a failing by Carphone Warehouse, I would encourage a different view - I see this as prudent honesty. This gives everyone a chance to check their own security arrangements, review all card/account transactions and take appropriate precaTK-MAXX and the company is still operational.
utions. There will be challenges, some critique from the media and customers - but in my experience this is now proving to be the better course of action for retailers who have been hit. After all many in the UK are still shopping at
Think about it, robbing banks by gunpoint nowadays seems so 'retro', when you can employ a team of sufficiently skilled nerds to do the job from afar.
Comments
Post a Comment