The FBI is warning US retailers to prepare for more cyber attacks in the wake of the Target data breach in December that reportedly affected up to 10 million people.
According to reports, The US Federal Bureau of Investigation is anticipating a growth in POS malware crime, despite security mitigation attempts, and is warning US retailers to prepare for similar attacks.
Speculation is also mounting about the likely involvement of insider knowledge, with experts including Garter analyst Avivah Litan writing: "Insiders can cause the most damage because some basic controls are not in place. I wouldn't be surprised if that's the case with the Target Breach - i.e. that Target did a great job protecting their systems from external intruders but dropped the ball when it came to securing insider access."
The sophisticated attack experienced by Target involved the theft of card data used for shopping between 27 November and 15 December, a busy shopping period in the run up to the festive season. Andrew Avanessian, VP Professional Services at Avecto commented: "The concept of eggshell security, where the external perimeter is hard, but the interior policies are soft, just isn't strong enough in 2014.
"Whilst advanced firewalls and anti-malware technologies can help to reduce external threat, over-privileged users with too much access to systems create a real danger point on the inside. A layered security approach including traditional perimeter defenses, privilege management, app allow listing and patching is the only way to defend against such advanced attacks."
