Three Steps The Home Depot Could Have Taken to Prevent Data Breach Devastation
IRVINE, CA, October 1, 2014 — The Home Depot is the latest example of the influx of data breaches that are exposing volumes of credit/debit card data causing consumer agony and costly retailer repercussions. According to Forbes, The Home Depot breach compromised as many as 56 million customer cards – 16 million more than the Target breach late last year which cost the retailer cumulative expenses of $236 million.
Reports identify that The Home Depot breach began at the end of April and continued for four months before being discovered. During those four months cardholder data moved inside The Home Depot IT infrastructure and was transferred outside the company without anyone noticing. If simple change and configuration auditing software had been in place, these malicious activities and security violations could have been detected very early on, saving The Home Depot millions.
In this wave of data breaches impacting major retailers, Netwrix, the #1 provider of change and configuration auditing software, outlines three key steps every company processing payment cards should take to prevent the devastation of a data breach.
- Step 1 – Keep it Separate: Sensitive information, such as cardholder data, should be stored wisely. Consider separating the environments and enforce its security with regular auditing for access and changes. Monitoring of all systems, where sensitive data is stored, will help you decrease the risk of data leaks.
- Step 2 – Audit, Audit, Audit: Implement detailed auditing processes and policies that monitor access control, the provisioning and de-provisioning of users and the activities of privileged accounts. Advanced auditing solutions will alert you right away to critical issues or activities, unusual modifications or unusual privilege or permission changes so that breaches can be detected on early stages.
- Step 3 – Document It: Maintain a complete audit trail of system activities. On critical systems, consider solutions that also allow you to record a video of privileged users’ activities, along with metadata for complete search and replay capability. Reviewing these audit trails will assist in root-cause analysis in case a breach occurred.
“These large and costly data breaches not only harm the impacted retailers, they also shake consumer confidence in using credit/debit cards at all,” said Alex Vovk, President and Co-Founder of Netwrix. “To rebuild consumer trust and to prepare for data breach avoidance during the busy holiday buying season, retailers need to actively prepare themselves against the malicious attacks that can devastate them. Fortunately, being prepared is easy when retailers establish regular auditing of their IT systems. This will deliver the complete visibility they need, across the entire IT infrastructure, so that breach attempts can be thwarted quickly before consumers are heavily exposed.”
About Netwrix Corporation
Netwrix Corporation, provider of change and configuration auditing solutions, delivers complete visibility into who did what, when, and where across the entire IT infrastructure. This streamlines compliance, strengthens security, and simplifies root cause analysis. Founded in 2006, Netwrix is ranked in the Top 100 US software companies in the Inc. 5000 and Deloitte Technology Fast 500. Netwrix software is used by 160,000 users worldwide. For more information, visit www.netwrix.com.