Heartland Payment Systems was all over the press today about their breach that exposed over 100 million accounts!! Wow, this could possibly be the biggest exposure ever. Hackers sure seem to be winning this race. I feel bad for these companies and their InfoSec groups. They are probably feeling the heat from every direction -- keep us secure, but do it on a shoestring budget.
And I am sure they are hard-working people with good intentions. Unfortunately, lack of education and awareness at the senior management level led to poor planning, inadequate budget, and short-term fixes. Throw some more network firewalls and IDS boxes at the problem because that's what we understand. Meanwhile, Web applications are wide open and vulnerable. Of the 100 to 150 million Web sites out there, 80 to 90% are critically vulnerable. They are ripe for hackers who are going after financial gains, especially in today's economy. Companies like Heartland don't even find out if they are being hacked, because gone are the days of hackers beating their chests to claim their hacking prowess. Now it's all about being stealthy while stealing money. My guess is that there are thousands of sites being hacked without anyone knowing. Sometimes it can take months before you find out the impact.
Solution? Be proactive. It's not that hard. A little bit of planning and testing of Web applications can help identify the critical holes you can fix before hackers can exploit them. Even if you can't secure 100% of them right away, at least make it much harder for the bad guys. Take that first step of starting the Web security process. Before it's too late.
by Mandeep Khera, Chief Marketing Officer, Mandeep@cenzic.com