The following articles talk about default passwords being exploited and a lack of whitelisting. These are both fairly simple best practices. Write a paragraph describing the importance of one of these or another best practice that you would have Home Depot implement.

Home Depot Breach Affected 56 Million Cards (September 18, 2014)

Home Depot acknowledged that the breach of its point-of-sale systems affected an estimated 56 million payment cards. In a press release, the company said that the attackers used ‘unique, custom-built malware.’ Additional information about the data breach at Home Depot suggests that it affects mainly cards used in self-checkout lanes.

[Editor’s Note (Pescatore): Lesson learned in these recent PoS attacks is why in the world aren’t you using white listing on the PCs attached to payment devices? There is absolutely no business need to allow arbitrary software to run on tills/registers. One area the PCI regime could improve this: Reduce the DSS emphasis on antivirus software everywhere and focus more on whitelisting/application control on any computing device in the PoS chain.]

http://media.corporate-ir.net/media_files/IROL/63/63646/HD_Data_Update_II_9-18-14.pdf
http://www.prnewswire.com/news-releases/the-home-depot-completes-malware-elimination-and-enhanced-encryption-of-payment-data-in-all-us-stores-275649511.html
http://www.zdnet.com/home-depot-56-million-payment-cards-affected-by-cyberattack-7000033845/
http://www.scmagazine.com/home-depot-breach-risks-56m-payment-cards-unique-malware-used/article/372426/
http://krebsonsecurity.com/2014/09/in-home-depot-breach-investigation-focuses-on-self-checkout-lanes/
