What Walmart Learned From the Target Data Breach

[InfoSec News <alerts () infosecnews org>]

http://www.eweek.com/security/what-walmart-learned-from-the-target-data-breach.html

By Sean Michael Kerner
eWEEK.com
2015-04-29

LAS VEGAS -- The Target data breach in 2013 sent shock waves through the 
retail industry that reached all the way to Walmart, the world's largest 
retailer. In a keynote speech on April 28 at the InformationWeek 
Conference, co-located with the Interop conference here, Walmart CIO 
Karenann Terrell answered a question from the audience about the impact of 
the Target breach.

"What Target taught the entire industry was that you can't have any single 
point of failure," Terrell said.

The ability to protect against every single potential breach vector is 
zero; that's why layered security with a hard, crusty exterior protection 
layer is needed on each individual component, including infrastructure, 
data and applications, Terrell said. As part of a layered approach to 
security, analytics and data that tracks what is happening on a network 
from a threat-vector perspective is needed, she said, adding that it's 
also important to watch the movement of data across an organization to see 
what happens.

Before the Target breach, Walmart knew about the need for multi-layered 
defensive strategy.

"We have multiple businesses, and in some areas, we look more like a bank 
than a retailer," Terrell said. "So what we learned is that single points 
of failure anywhere can have really drastic effects, and the ability for 
an attack to go undetected for a period of time, just exponentially 
increases the damage that can occur."

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/