Welcome back everyone! Welcome to 2018!
After an endless stream of predictions, failures, and innovations, we’ve finally arrived in the new year. Hopefully we all got the rest we need to hit the ground running; our field never stops and vigilance is vital.
Once again we’ve gathered some of the top headlines from the long weekend to share our insights on the big events. We hope you find them informative and compelling as you make your first InfoSec decisions of the year!
December 31, 2017: NiceHash CEO Resigns, Company Announces Reimbursements
Marko Kobal, co-founder and CEO of Slovenian cryptocurrency mining service NiceHash, announced his resignation in the wake of a major hack on the company which resulted in the loss of $63 million in Bitcoin. The company has announced that it will reimburse users for their stolen currency; it has not yet started that process.
This bit of news serves as a follow-up to our previous article on the heist. It reinforces the perilous security position cryptocurrencies find themselves in as 2018 begins, and it also shows just how severe the consequences of a serious hack can be. A breach doesn’t just hit a company’s bottom line—it can force even those intimately connected to their enterprise, as Kobal was, to resign. Across the globe the notion persists that the consequences of whatever happens online can’t spill out into the real world. Kobal’s resignation shows a very different reality, and how seriously we need to be taking cybersecurity. Our jobs may depend on it.
December 28, 2017: Forever 21 Confirms Breach of Payment System
Fashion retailer Forever 21 confirmed that its data breach, first discovered and announced in November, is far more severe than previously believed. The hack appears to have infected point-of-sale terminals throughout the U.S. between April 3 and November 18 last year, compromising customers’ payment and credit card information. The company has not announced how many customers were potentially affected. The POS systems were supposed to be encrypted, according to a company statement to customers.
Takeaway: The first major insight Forever 21 provides is the devastation of dwell time in a hack. The lengthy period of time hackers were allowed to access customer information without attracting attention obscures just how many customers were harmed, making the recovery that much harder. The discovery of prolonged dwell time can destroy an enterprise’s reputation, which in turn degrades the trust between enterprise and customer that is necessary for a free economy to function, and escalates the potential reimbursement. And Forever 21 isn’t even unique in its breach; Chipotle and GameStop both suffered similar hacks over 2017. Hackers seem to be concentrating their efforts on cracking POS systems, so better encryption or better endpoint protection will be vital moving forward for all retailers. These hacks will keep coming; the data POS devices contain is too valuable to the unscrupulous to be left alone.