As the fall-out of last year’s security breach at Target continues, there are now more than 90 lawsuits that have been filed against the retailer and its partners. Most recently, Chicago-based credit card security company, Trustwave was included in a lawsuit against Target.
Interestingly, according to Trustwave’s website, its services are specifically designed to help "businesses fight cybercrime, protect data and reduce security risk.” Yet, as the lawsuit claims, “Trustwave scanned Target's computer systems on September 20, 2013, and told Target that there were no vulnerabilities.” This was less than two months before hackers had successfully infiltrated Target’s systems.
An obvious question - one I’m sure at the heart of the lawsuit - is how could this be? Why were vulnerabilities not found, especially by a company whose business it is to fight cybercrime? Furthermore, it has been widely reported that hackers used credentials of an HVAC vendor to gain access to the network. Are HVAC systems and vendor access considered outside the scope of cybercrime protection?
As we’ve seen in so many hacking attacks, a single vulnerability can, and likely will, become a gateway for experienced hackers to exploit. Protecting any IT environment requires a multi-layered approach with constant supervision.
At Netop, we’re well aware of the severity of what can happen when staff and vendors do not follow security protocols. This is one of the reasons we’ve designed our secure remote access solution so it can be used by companies to specifically manage vendors, including their access to devices like POS terminals, retail controllers and even HVAC systems.