The Jan. 20 announcement by Heartland Payment Systems that a security breach
left more than 100 million accounts vulnerable underscores the value of a good
security system and the opportunity for solution providers to keep their
customers’ data safe.
"[Security breaches] can and do happen to everyday companies,"
says Eric Greenberg, vice president of security and risk solutions for
Integralis, a managed security services provider in Hartford,
Conn. "The thing is these credit card
processors have high-value data, and so most companies don’t think their data
is that valuable. But most companies also don’t understand the risk and value
of their data."
"This is a prime opportunity for solution providers," says Rob
Fitzgerald, founder of the Lorenzi Group, a digital forensic solution provider
based in Boston. "Many
solution providers have said for years this is what’s going to happen. The fact
is, it will happen and will continue to happen."
The attack on Heartland, which allegedly was the result of software that had
been surreptitiously installed on its systems, was first discovered in October
2008 but wasn’t made public until Jan. 20. Heartland discovered the breach only
after being alerted by Visa and MasterCard of suspicious activity processing
credit card transactions.
"It is difficult to detect this type of attack when you’re looking at
millions of bits and packets," Greenberg says. "This is why it’s so
important to have security not just at the perimeter but also at the server
level."
Looking for activity at the server level—called host-based intrusion
protection and intrusion detection—can help a company analyze data streams at
the source and search for unusual behaviors inside the system as well as files
that have been tampered with, he says.
"Corporations must have strong rules and enforcement about what
employees can install on a machine," he adds. "Most organization are
loose—they’re doing what they need to do to be in compliance, but the
perspective of risk is growing and I would hope now [companies] are
understanding that the risk is real."
As an MSSP, Integralis helps its customers understand what the financial
risk is of having lax security measures. "This [breach] will cost
Heartland enormous amounts of money to get past," Greenberg says. "The
cost of preventative systems is typically less, but companies decide what their
gamble is."
Fitzgerald notes that an educated employee base often can help stop security
breaches at the source—and offering training is one way solution providers can
get their foot in the door.
"VARs can go in and just offer employee education," Fitzgerald
says. "It’s the easiest, cheapest solution there is. They could be taught what
should be and should not be done and what to do when they notice things
happening that are different from the norm."
But, he says, sometimes the risk lies not with the employees, but with third
parties that work with the company. "Many of these events have involved
third-party vendors that have come in to work on the systems," Fitzgerald
notes. "Who is auditing the policies for the third-party vendors? That is
critical and it would be a great thing for a VAR
to get involved in."
Companies also must understand how critical it is to have a holistic
security solution and keep the components up to date, Fitzgerald says.
"It’s a no-brainer for me, but there are plenty of companies who let
their security software license lapse," he says. "If a client refuses
or decides not to accept a security solution, if I were a VAR
I’d request they sign off on a waiver saying they don’t accept it and they
understand the possible consequences of not having the solution.
"There are too many lawsuits flying around these days … I see them all
going downward," he adds.
VARs also need to ensure that their own business is protected, he says.
"VARs themselves can get burned by unscrupulous
employees," Fitzgerald says. "They need to run background checks and
make sure their employees are on the up and up. The economy and the market [are]
creating the perfect storm for more situations like these to happen."