http://www.eweek.com/security/what-walmart-learned-from-the-target-data-breach.html
By Sean Michael Kerner
eWEEK.com
2015-04-29
LAS VEGAS -- The Target data breach in 2013 sent shock waves through the
retail industry that reached all the way to Walmart, the world's largest
retailer. In a keynote speech on April 28 at the InformationWeek
Conference, co-located with the Interop conference here, Walmart CIO
Karenann Terrell answered a question from the audience about the impact of
the Target breach.
"What Target taught the entire industry was that you can't have any single
point of failure," Terrell said.
The ability to protect against every single potential breach vector is
zero; that's why layered security with a hard, crusty exterior protection
layer is needed on each individual component, including infrastructure,
data and applications, Terrell said. As part of a layered approach to
security, analytics and data that tracks what is happening on a network
from a threat-vector perspective is needed, she said, adding that it's
also important to watch the movement of data across an organization to see
what happens.
Before the Target breach, Walmart knew about the need for multi-layered
defensive strategy.
"We have multiple businesses, and in some areas, we look more like a bank
than a retailer," Terrell said. "So what we learned is that single points
of failure anywhere can have really drastic effects, and the ability for
an attack to go undetected for a period of time, just exponentially
increases the damage that can occur."
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
