Andy Heather, VP EMEA, Voltage Security
The value of personal data continues to be recognized by hackers who are now attempting to use the data to hold companies to ransom. Where previously financial data was the key target of the hackers, the theft of financial information (credit card or account information) has a limited lifespan, until the victim changes the account details etc. But the personal information that can be obtained has a much broader use and can be used to commit a much wider range of fraud and identity theft, and simply cannot be changed.
The value of this personal data to the cyber criminal has a much greater value. For example, where the selling price for a single stolen credit card is around $1, if that card information is sold with a full identity profile that can dramatically increase up to $500. If the cyber criminals know where the real value is then surely we should all expect responsible organisations to pay appropriate attention to keeping our personal information safe.
This breach highlights a need for companies to place tighter controls on how their customers' sensitive information is stored and protected. If data is left unprotected, it's not a matter of "if" it will be compromised – it's a matter of when. Even the best security systems in the world cannot keep attackers away from sensitive data in all circumstances. When a company is storing sensitive information about their customers, the risk is to the data itself. Therefore, a company needs to assume that all other security measures may fail, and the data itself must be a primary focus for protection – usually via encryption. It is critical to note that this protection needs to include all potentially sensitive information and not just financial-related data.
If Dominos had employed format-preserving encryption to protect the data itself, the attackers would have ended up with unusable encrypted data instead of the current outcome where an untold amount of their customers' personal information is now in the hands of cyber criminals.
TK Keanini, CTO, Lancope
Ransomware of all types is on the rise because the inventions of cryptocurrency like Bitcoin and others let them operate with functional currency that does not compromise their anonymity.
While retail has been in the news lately with a lot of data breaches, if you have a lot of personal data on people, the more people you have the more attractive you are to these criminals. If you have not been hit yet, now is the time to prepare with an incident response readiness that will ensure business continuity. It is just a part of doing business in this age of the Internet.
Dominos in particular needs to treat this event as an ongoing business problem and not as a one-time event. They should provide leadership and expertise to all of their stores and deliver the operational visibility required to ensure early detection of this type of threat. While getting in again is likely, they must raise the cost to this adversary to hide and operate.