Author: Security Experts / Source: Information Security Buzz
Following the news that Chipotle Mexican Grill’s payment processing system have reportedly been hacked, IT security specialists from Tripwire, AlienVault, McAfee and Balabit commented below.
Tim Erlin, VP at Tripwire:
“While we may have become numb to these breaches, criminals continue to target point of sale terminals. As long as compromised credit card data continues to be a valuable commodity on the black market, any company collecting or processing valid credit card information will continue to be a high value target. Organizations from fast food chains to clothing stores should pay attention to the lessons learned, not just from how criminals are getting in, but also from how compromised companies are handling the incident response to such events.
The best advice for companies running point of sale systems is to isolate and lock down the devices as much as possible. Point of sale terminals are typically low change environment. Implementing security configurations and closely monitoring for any change can both prevent and detect any potential attacks. These systems should talk to predictable destinations both internally on the network as well as externally on the Internet. Carefully monitoring communications for anomalies can help identify successful attacks.”
Javvad Malik, Security Advocate at AlienVault:
“The attack against the payment systems highlights that even with PCI DSS controls in place to segment and protect payment networks, companies need to remain vigilant against attacks and have broad monitoring and threat detection capabilities in place that can alert to an attack in a timely manner so that the appropriate response may be taken.”
Raj Samani, Chief Scientist at McAfee:
“The news that Chipotle’s payment system has been hacked is a further reminder that all types of businesses where transactions are made, are a potential target for increasingly clever cyber criminals. Whilst it is still unclear how many customers and restaurants were hacked, it is imperative that businesses need to take control of their cyber security and introduce efficient security measures long before these hacks actually happen.
“Many customers across the US, Canada and UK will be left wondering today if they have been caught up in this hack and whether or not they have purchased a very expensive burrito….
Click here to read more