Index

Security Issues
Outdated Software
Third Party Access
Lack of Monitoring
Risk Analysis
Threat Identification
Current Control Measures
System Vulnerabilities
Risk Mitigation Strategies
Conclusion
References

In 2014 Home Depot was hacked using login information from a third-party provider. From there the hackers infiltrated the company's network and installed custom malware. Home Depot had many problems with weak security and missing system updates. By implementing some of the measures discussed here, it could reduce the risk of an event like this happening again. After the intrusion went undetected for months, it was made public that 56 million credit card numbers had been compromised. The hackers carried out a passive attack after gaining access to the network with login credentials from a third-party vendor. After obtaining information about the system, they exploited a known issue in the operating system to elevate their privileges. They were then able to install custom RAM-scraping malware that could read customer cards, and through it they obtained the credit card numbers of 56 million customers. They also obtained the email addresses of 53 million customers. This analysis focuses on protecting customer data and on the threats and risks associated with that data.

Security Issues

Outdated Software

POS terminals ran an outdated version of Windows. Using this operating system made the POS terminals more vulnerable to attack. The operating system on the POS terminals should have been Windows Embedded 8 Industry or Windows Embedded POSReady 7. If the operating system on the POS terminals had been updated, more security features would have been available to mitigate the risk from the existing vulnerabilities. One important feature that would have helped prevent customer data from being seen by threat agents is Point-to-Point (P2P) encryption.
However, this was not available on the operating system used at the time. In addition to the outdated operating system, Home Depot's antivirus protection also needed to be updated. The antivirus software in use was Symantec's Network Protection from 2007. All software should be a modern version, and if the POS terminals were unable to run it, the terminals would need to be updated as well.

Third-Party Access

Hackers would not have been able to make their way into Home Depot's network if they had not gained access to a third-party vendor's login credentials. Easy-to-guess passwords are a common problem with any type of software that relies on logins. After entering the system using the third-party credentials, they exploited a problem in the version of the Windows operating system in use to elevate their privileges within the system. After this privilege escalation, they moved into the corporate environment and installed custom malware that affected numerous POS terminals. The third party's access in this situation was an issue, as was the lack of secure access.

Lack of Monitoring

It took Home Depot five months to realize that an outsider was accessing customer information. If regular checks and audits of the network had been carried out, the company might have noticed the intrusion and less customer information would have been compromised. The Payment Card Industry Security Standards Council requires system scans to be performed quarterly. On top of that, it requires a third-party security team to go through the network and perform an audit. Former Home Depot IT staff employees say Home Depot did not adhere to either condition. One important feature that was not enabled was network threat protection.
If these checks and scans had been carried out, Home Depot could have resolved some of the vulnerabilities and implemented strategies that could have prevented or reduced the severity of this breach.

Risk Analysis

Threat Identification

A) Card Skimmers

Card skimmers are devices that criminals place on POS terminals and that look just like the normal devices we use to make our purchases. The devices still process purchases; however, they read and record card data and store it for the thief who installed them. The data stored is the cardholder's name, card number and expiration date (Hawkins, 2015). Card skimmers could be installed on Home Depot POS terminals.

Attackers

Attackers pose the greatest threat to Home Depot's POS terminals and networks. Most attacks are external attacks. In most cases attackers carry out these attacks to obtain customer information, which they then turn around and sell. This breach was an external attack. The hacker managed to access the account of a third-party vendor and carried out a passive attack to obtain information on the type of software used on the POS terminals. Next, the attacker installed malware on approximately 7,500 Home Depot POS terminals that could read customer data from cards. Attackers represent the greatest threat.

B) The Value of Assets

Home Depot's technology assets in this case consist of POS terminals, networks, customer data, software, and network personnel. Customer data has the highest priority. In the Home Depot breach and numerous other breaches, customer data was the attackers' target. The security of this information should be the first concern. A breach of confidentiality can significantly affect the public image of the company. If public opinion of a company declines, sales will follow. POS terminals, networks, software, and network personnel are all given moderate priority.
All of these resources are essential to function in the modern market. However, without customers, retail chains have nothing.

Current Control Measures

There was insufficient information available on the control measures in place at the time of this breach. Home Depot has used Symantec antivirus since 2007 on its network. According to Symantec (2006), “This patent-pending technology detects disguised threats at all system levels, including the application, user mode, and kernel level.” The software also provided solutions to prevent threats from exploiting vulnerabilities in the version of Windows used at the time (Symantec, 2006). There was no information on whether Home Depot also used Norton Internet Security 2007, which would provide additional network protection. Because the threat agents gained access using login credentials from a third-party vendor, Home Depot evidently had access controls in place.

System Vulnerabilities

As noted in the Security Issues section, there were numerous problems with Home Depot's systems. POS terminals used Windows XP Embedded SP3 as the operating system. This version of Windows is susceptible to attacks. Older versions of operating systems may not receive all the security patches and updates that current operating systems receive. At the time, the version of the antivirus in use was seven years old. The software may have supported the current store POS infrastructure, but it suffers from the same issues as older operating systems. The physical security of POS terminals can be compromised if ports are left open. It is recommended to physically disconnect or lock all ports except one for maintenance. Having vendors able to access the same network that Home Depot uses for its other operations poses serious security risks and vulnerabilities. Limiting their access and separating different parts of the network could help prevent a hacker from getting a lot of information from the network or databases.
There is a possibility that someone will install a card skimmer on a POS terminal if they are left around an unattended POS terminal for long enough. Home Depot network staff said Home Depot did not perform monthly audits or network and system vulnerability scans. These measures must be put in place. Without them, network staff do not know whether the current measures are sufficient. Constantly improving the security of these systems costs the company money; however, that cost is much less than the financial and reputational cost to the company of a major breach. Network personnel also determined that Network Threat Protection was not enabled on their Symantec Endpoint Protection.

Risk

Under the generic organizational risk context, retail is not as vulnerable an industry as some of the other fields on the spectrum. Retail is likely to be targeted because there is a lot of information about people circulating on its networks. Customer credit card information is valuable. However, retailers know they are at risk and know that they must take more precautions than other sectors. A combined risk assessment approach is the ideal approach. The baseline would be updating the operating system, antivirus software, and firewall, and physically blocking ports on POS terminals. Customer data is typically the information most sought after by threat agents. Therefore, the decision to protect this information as much as possible is good for Home Depot's public image and for the safety of its customers. Since this is such an important aspect, even more security is needed in this area. Greater encryption of customer information is needed, as well as separation of customer information into different files.
The risk of a skimmer being installed on a POS terminal is quite low, but the cost of implementing a solution to the problem is also low. The best solution for this potential threat is to train employees properly and inform them of the likelihood of such a situation occurring. It may cost Home Depot money over time, but less than what a card skimmer would cost the company. Training can simply consist of not leaving POS terminals unattended for long periods of time and turning off machines that are not in use. Installing a card skimmer takes time, if a threat agent can't get it