Dixons Carphone has announced the unauthorised access to 5.9 million cards in one of its processing systems. An additional 1.2 million non-financial personal records were also compromised.
Aaron Higbee, CTO and cofounder at Cofense (previously PhishMe) comments:
“The breach suffered by Dixons Carphone is no doubt a concern for all those whose data is held within the company and particularly for those with non-EU issued cards that were not protected by chip and pin. What will be especially interesting in this investigation, however, is what security really looked like for a company that had already been fined for its inadequate security and had recently undergone a merger.’
“The IT infrastructure within any company can be complex and with the rise in cloud services, shadow IT is undoubtedly on the increase, but this is often worsened when a merger has taken place. In terms of security, a lack of visibility and control over IT is a huge problem; you can’t secure what you don’t know exists, particularly if you rely on plug-in security solutions.
“Consequently, security defence needs to evolve and improve as the business grows and as threats change. The only way to do this effectively is to deploy a business’s most adaptable and intelligent resource – its employees. With a human defence shield identifying suspicious activity, reporting it in a way that is simple and yet gives the security team all it needs to triage against other incidents, cyber intelligence can be generated to be then fed back into the business to make those first line responders even more effective. Only time will tell if Dixons Carphone had this sort of security infrastructure in place.”
(6)
Article Link: http://digitalforensicsmagazine.com/blogs/?p=2453