
Experts weigh in on Kmart breach

10/13/2014

New York -- The news of the recent security breach at Kmart stores generated lots of comments from security experts.



Here is a roundup:



“Every large chain organization should be doing everything they can to revamp their security procedures on their financial systems and hopefully avoid attacks against their customers. Those who haven’t can feel with a good amount of certainty that they will be next and those who have beefed up security but have already been attacked we will most likely hear about in the coming weeks.”

-- Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs, research arm of the anti-malware company



“Cyber criminals are well funded using APTs to gain access to corporate networks where they can plot their attacks without being seen, leverage system administrator credentials to give them the highest levels of access, and even write custom malware to compromise systems containing customer information. Data is the new currency and companies need to wake up that they are going to be the next victim unless they take security seriously. In addition, companies need to move past the antiquated approach of perimeter-based security and assume the attacker is already on the network. This one simple assumption would dramatically change the way companies protect critical systems and data.”

-- Eric Chiu, president & co-founder of HyTrust, a cloud control company



“These breaches are not, in general, the result of a general lackadaisical attitude towards security, but rather are the direct consequence of the demands on businesses to grow their infrastructure, provide advanced services, and address perceived threats in an organic way. Automated analysis of the entire infrastructure that provides current, complete, and comprehensive insight into the network, its layout, and all of the potential paths through it is an essential requirement for all enterprises.”

-- Steve Hultquist, chief evangelist at RedSeal Networks, provider of end-to-end network visibility and analytics to prevent cyber attacks



“Businesses simply cannot handle raw credit card data. Unfortunately, the majority of them are protecting sensitive information with what hackers see as an unlocked fence. It’s time to put the locks in place, which means an upgrade to malware-resistant point-of-sale terminals that encrypt and tokenize all credit card data from the moment customers swipe their cards. The key is for a business to remove all real touch points with actual card numbers, thus safeguarding its customers in the event of an attack.”

-- Jeff Shanahan, CEO of CardConnect, a payments technology company that helps U.S. merchants process and protect card transactions.

