Thursday, March 27, 2014

DDOS and Breaches

Poor Target, Senators -- yeah, those guys -- say that Target had a chance to stop the breach. Okay. Then go on to add that this "must be a clarion call to businesses, both large and small, that it’s time to invest in some changes." [source]

Well, VISA and Mastercard should invest in chips for credit cards. And yes we have to beef up security but the Critters at the Senate must know that it is a cat and mouse game that escalates.

DDoS traffic soars and the bots get cleverer. Making it harder and more expensive to combat these attacks. It doesn't help that most people don't use anti-virus and anti-malware software nor do they update O/S or virus definitions.

The 2014 DDOS Report is very interesting. Nice graphs.

It isn't just PCI. There is HIPAA / HITECH, SOX, GLBA and a newer government compliance guideline. All in all, it is getting terribly expensive to store and secure data. It takes written policies and procedures, audits, on-going training and even procedures for breach notification and resolution.

Then there are the fines and possible criminal prosecution.

No comments: