BreachExchange mailing list archives

The Home Depot Data Breach Shines a Light on CIOs' Lackadaisical Attitude Toward Data Defense


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 9 Sep 2014 19:50:58 -0600

http://www.1to1media.com/weblog/2014/09/the_home_depot_data_breach_shi.html

The Home Depot last week confirmed it's investigating "unusual activity"
concerning its customer data after an investigative report revealed
possible fraudulent activity on the company's payment systems.

The report pointed to the possibility of The Home Depot's systems being
under attack since April. If true, this potential data breach would be
larger than the three-week-long Target breach that affected 40 million
debit and credit card users last year.

If the investigation proves fraud has occurred over that period, then The
Home Depot will join the long list of companies in recent history to
experience data security breaches.

Where are CIOs in this mess? The mounting number of companies that have
experienced data breaches seems to point to IT professionals taking data
protection lightly. CIOs must come to realize that the more customer
information and critical business functions are being stored in the cloud
and controlled by tech tools, the more critical it will become to take
measures to ensure that every piece of data is safe and secure. This is
becoming rapidly more essential as the risk of cybersecurity breaches grows.

According to a recent Ponemon Institute study, the state of cybersecurity
doesn't look very promising. Only 63 percent of respondents said their
organization is vigilant in conducting audits or assessments of cloud-based
services, 62 percent said the cloud services used by their organization are
thoroughly vetted for security before deployment, and 55 percent said their
IT security leader is responsible for ensuring their organization's safe
use of cloud resources.

As more advances like the cloud and mobile become widespread, firewalls and
intrusion detection programs will no longer suffice in data defense, and
will only become basic measures. CIOs must heed the cautionary tale of the
Targets and The Home Depots of late and start taking data protection
seriously. Sound security isn't only essential; it's good business.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
