The aggressively competitive environment and customer demands challenges business world to adopt every new technology to be in tune with the changing technology scenario. However, simply adopting new technologies will not really give enterprises a competitive advantage. With businesses working through a digital and networked world, the emerging technologies also open up new areas of threats. Cyber criminals are smart enough to locate the loopholes in the networked systems and new technologies and make use of these for their benefits. Recent incidence reported from the world’s largest home improvement chain of stores, the Home Depot is a classic example of such cyber threats.
Incidences such as the one faced by Home Depot Inc, wherein hackers stole about 53 million email addresses in addition to customer data for 56 million payment cards estimates a loss of nearly $62 million. Reports showcase that the hackers used a third-party vendor’s user name and password to enter the perimeter of the company’s network, and acquired “elevated rights” that allowed them to navigate parts of Home Depot’s network. These criminals then worked their way to deploy unique, custom-built malware on its self-checkout systems in the stores across U.S. and Canada. A similar case of third-party vendor as the point of entry was reported in last year’s unprecedented breach in the retail giant Target Corp’s network which saw hackers steal at least 40 million payment card numbers and 70 million other pieces of customer data.
With such large volumes of data breaches the global business leaders need to look for methods to create a more threat -free environment. The Home Depot removed the terminals identified with the malware as first steps to protect customer data and close hacker’s method of entry. Further, the enterprise has also taken steps such as implementation of enhanced encryption of payment data across their US and Canadian stores by early 2015 as also the use of EMV technology in all the US credit cards. Unfortunately with technology providing cyber attackers an asymmetric advantage vis-à-vis businesses, the task of managing data security for this globally widespread enterprise is therefore a complex one. Moreover, with cyber attackers equipping themselves with sophisticated tools, enterprises need to look for new approaches rather than the traditional “scan and patch” approach to security threat management.
The growing number of security gaps and vulnerabilities demands the use of efficient Security Posture Management (SPM). Being an art of managing the security of vital data and network by orchestrating process-people-technological resources the Security Posture Management helps enterprises to proactively achieve business security objectives and all issues in real-time. The unique, unified, automated cloud-based Aegify Security Posture Management (ASPM) tool, offers enterprises an end-to-end security management solution. This helps enterprises identify their business critical IT assets, evaluate their risks based on vulnerabilities and the impact of potential threats, and initiates appropriate measures towards ensuring Confidentiality, Integrity, and Availability of information assets. Such an innovative automated tool not only simplifies the method of protecting the IT infrastructure from security breaches but also ensure that the processes are compliant to HIPAA and HITECH regulations and established security Standards.