The Home Depot announcement that hackers stole 53 million customer email addresses by accessing its network with a vendor’s stolen username and password has national retailers and financial firms reviewing their own security procedures.
This comes within a year of major companies like Target and JP Morgan Chase dealing with data breaches impacting millions of Americans nationwide.
Jason Glassberg, co-founder of the cyber security firm Casaba, told FoxNews.com that this latest attack shows a “repetitive pattern” used by hackers.
Increasingly, they are accessing company information through third-party vendors or suppliers who interact with businesses' internal networks.
“Supply chain attacks are a major problem right now. Not just for retailers, but for any Fortune 500-1000 in energy, finance, health care, defense,” said Glassberg. “The basic problem is that a smaller company cannot defend itself against a highly sophisticated attack. It simply doesn’t have the same level of resources as the Fortune 500 it serves … so they’re [hackers] going to explore which vendors have network access to them.”
Current company payroll procedures used by The Home Depot and Target, he believes, might have led to an attack. “A supplier logs into a payroll processing system and submits [the] invoice that way … it’s that vendor invoice processing system that had a flaw that allowed attackers to take advantage of some vulnerabilities, gain a foothold, and therefore gain entry into the corporate network.”
Hackers are looking to develop ways to remain inside a sensitive network without detection.
“This is something that attackers look to do – look to establish a presence and remain undetected,” said Glassberg.
He points out that software and hardware solutions are available to solve intrusion problems, but “they are very hard to configure in a way that gives you an accurate result.”
As the holiday season approaches, Glassberg says shoppers should be vigilant when giving out personal information. “This is the time of year where a lot of these attacks take place based on people not being aware.”
The security expert suggests using one dedicated credit card for online purchases so it’s easier for consumers to notice unusual activity on their account.