Device Hardening and Continuous Compliance Monitoring CONTINUOUS COMPLIANCE

The home improvement retailer, Home Depot, has agreed to pay at a minimum $19.5 million to compensate consumers affected by the 2014 data breach.

Home Depot filed its preliminary settlement on Monday at a Federal Court in Atlanta where the company is based.

$13 million will be allocated to reimburse consumers for out-of-pocket losses, and at least, $6.5 million will be used to fund 1-1/2 years of identity protection services.

This breach affected U.S. and Canada consumers who swiped their payment cards at the self-checkout POS terminals between April & September 2014.

The company claims an intruder has able to successful infiltrate the computer network by using a vendor user name and password. The attacker was then able to use custom built malware to access Home Depot shoppers’ payment card credentials.

Among those affected include 40 million individuals who had their payment card data stolen and 52 million people who had their email addresses stolen.

The Home Depot data breach was one of the first notorious breaches to nearly cripple the retail industry, alongside the almost infamous Target breach back in 2014. POS terminals have continuously proven to be the easiest target for cyber criminals. The sensitive information stored on these devices is far too sensitive to leave unprotected without defense measures implemented.

The Home Depot breach could have been easily avoided by implementing a hardened build standard with precision change detection (the PCI DSS recommends using the CIS Benchmarks as the best hardening standard to adopt). Hardening coupled with breach detection technology (FIM-based Host Intrusion Detection system or HIDS), would ensure that, even if a breach was successful, at least you would be alerted of the issue immediately and be in a position to take action to prevent any card data loss.

In a world of constantly emerging threats, security is a tough job – but the concepts of best practice have been devised for a reason.  The challenge for organizations is to attain that balance between unworkable change control practices and an anarchic environment that provides ample opportunities to hide. Closing the loop on change control delivers that vital visibility of all integrity changes but with just a fraction of the noise generated by traditional FIM implementation, enabling organizations to have far more confidence both in the validity of alarms and their ability to investigate and disarm.


Read this article on Reuters

Share this blog post

USA Offices
New Net Technologies Ltd
9128 Strada Place
Naples, Florida, 34108
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
St Albans


Tel: 08456 585 005
Fax: 08456 122 031
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.