Attack heightened security awareness for millions of consumers.

by. Walt Laskos

If there’s any upside to the sprawling Target data breach, it’s that it heightened security awareness for millions of consumers, says Ryan Elkins, senior manager, information security, for Diebold, a CUNA Strategic Services alliance provider.

“If everyone can keep security top of mind while performing their daily tasks and understand their role as both a security control and significant attack vector, we as an industry will have addressed an invaluable level of defense in depth,” Elkins says.

He and Credit Union Magazine Editor Walt Laskos recently discussed the Target data breach, its implications for lenders—and how it all might play out.

CU Mag: How did the Target security breach occur?

Elkins: The target breach is a fascinating case because it follows standard penetration testing methodology. The attack demonstrates multiple phases of reconnaissance, vulnerability discovery, exploitation, and data harvesting.

This is a common methodology used by both “black hat” and “white hat” hackers because of its high success rate. Attackers successfully chained together multiple vulnerabilities by entering through an externally facing system, pivoting across systems on the internal network, deploying malicious code to point-of-sale devices, scraping customer information from memory, centrally storing the information, and then transmitting the data to an external server.

continue reading »