There are a few things companies are supposed to be doing. Obviously there is the Data Protection Act, which means companies should take due care to secure personal information. We also have PCI DSS (Payment Card Industry Data Security Standard), which specifically looks at ensuring a secure environment for the storage and processing of credit card data.
As we know, there is no easy step when it comes to security. It's good we have these requirements, but security is often seen as a "like" as opposed to a need.
Organisations are sadly very reactive when it comes to security, and will only spend when/if an issue occurs. Proactive security is the key, using a risk-based approach to get the balance right.
Keeps us in a job anyway.
