Home Depot Breach

Today’s Home Depot breach is another in the series of cracks that show up weekly in companies’ security portfolios. According to information that I received this morning, Home Depot did the right thing and came clean about the breach. Big corporations, the US government and people in general need to take action. Posting that an exploit has taken place after the fact is not enough. There is not one simple answer. There are simple steps that we as business people and individuals should be, and must be, taking.

    1. Secure data behind state-of-the-art packet-level firewall inspection.
    2. Use 24/7 scanning and monitoring.
    3. Keep best practices in place for device security.
    4. Use HTTPS on your sites.
    5. Train people to better understand the dangers.

Companies are liable for damages in matters like this Home Depot breach. According to cybersecurity law expert Daniel Solove, they do not seem to care very much at the highest levels, meaning they are not taking action to stop breaches. People in general seem little fazed by it either. Solove indicates that companies act as they do because the many laws are easy to challenge and people have little standing in those courts. In my words, it’s like a giant oil company, Exxon, after one of their big spills saying the corporate lawyers can just run out the clock. People in IT and accounting are concerned as noted here.

There needs to be more accountability. This breach is larger, much larger than Target. Gartner Security guru Anton Chuvakin says, “The one thing you never want to hear in the cyber security context is it’s like the Target breach, only worse.” There are many reasons this recent Home Depot breach is worse. The volume of data stolen, the national scope and the types of data taken are all broader, and most importantly there is the imposing pile of data breaches that it adds to. This data theft included zip codes, which make the data much more valuable.

For interest’s sake, here in Greensboro and the Triad region the zip codes 27407, 27410 and 27406 are on the list posted by the Krebs on Security web site. The full list is here. The people that stole the data from the Home Depot breach are selling it. The Krebs on Security site pulled 3000 zip codes from the black site where the information is for sale. More data, analysis and forensics will come out over the next few days. Today I changed the last of my accounts that had my old compromised card from a breach at Jimmy John’s sub shop a month ago.

My policy over the past year is to cut up and request new cards every three months. Like the shelf life of passwords, the shelf life for credit and debit cards is just not enough. Try it: cut your cards in half today. Most banks and reputable providers will overnight you a new one at no cost (Disclaimer: CHECK FIRST).