Domino’s hack lesson - encrypt

Domino’s brings out the standard calls and advice for security experts, plus a tinge of sadness that the advice still needs to be repeated


There are a couple of fascinating aspects to the recent hack of Domino’s Pizza, not least being the fact that the hacker is holding information about the company’s customers to ransom for what seems quite a small sum, €30,000 (£24,000).

This suggests two things. First, the hacker understands the market price for the information: the company is likely to be stung with a fine of at least £50,000 for the breach, so pitching the ransom at half that would let the company off lightly. Second, a gross ‘return on investment’ of just £24,000 suggests it was quite an easy hack to create and carry out. It also, quite possibly, suggests that the hackers have a market for the data regardless of whether Domino’s pays up or not.

Hackers who cracked the Domino's Pizza database say they have stolen the details of more than 600,000 customers – including their favourite toppings. Shared servers in France and Belgium are claimed to have been ‘vulnerable’ and were compromised, with a range of customer details stolen.

The exploit has prompted several noted security experts to comment on it, including Andy Heather, VP EMEA at Voltage Security, and TK Keanini, CTO at Lancope. Perhaps the saddest observation of all is that the advice they offer is hardly new or unusual, but has to be repeated nonetheless.

According to Heather, the value of personal data continues to be recognised by hackers who are now attempting to use the data to hold companies to ransom.

“Where previously financial data was the key target of the hackers, the theft of financial information (credit card or account information) has a limited lifespan, until the victim changes the account details etc.,” he said. “But the personal information that can be obtained has a much broader use and can be used to commit a much wider range of fraud and identity theft, and simply cannot be changed.

“The value of this personal data to the cyber-criminal has a much greater value, for example where the selling price for a single stolen credit card is around $1, if that card information is sold with a full identity profile that can dramatically increase up to $500. If the cyber criminals know where the real value is then surely we should all expect responsible organisations to pay appropriate attention to keeping our personal information safe.

“This breach highlights a need for companies to place tighter controls on how their customers' sensitive information is stored and protected. If data is left unprotected, it's not a matter of ‘if’ it will be compromised, it's a matter of ‘when’. Even the best security systems in the world cannot keep attackers away from sensitive data in all circumstances. When a company is storing sensitive information about their customers, the risk is to the data itself. Therefore, a company needs to assume that all other security measures may fail, and the data itself must be a primary focus for protection, usually via encryption. It is critical to note that this protection needs to include all potentially sensitive information and not just financial related data.

“If Domino’s had employed format-preserving encryption to protect the data itself, the attackers would have ended up with unusable encrypted data instead of the current outcome where an untold amount of their customers' personal information is now in the hands of cyber criminals.”
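Heather’s point, that the data itself must survive the failure of every other control, is easiest to see in code. The following is an added example written for this article, not code from Voltage Security or Domino’s. It uses field-level AES-256-GCM from Go’s standard library rather than format-preserving encryption (a production FPE scheme such as FF1 needs a dedicated library), but it illustrates the same principle: each personal field is encrypted before it is written, so a dump of the customer table yields only ciphertext, and the record ID and column name are bound in as associated data so a ciphertext cannot be transplanted between rows or columns. The customer fields, the demo key and the record IDs are all constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"io"
)

// Customer is the plaintext view the ordering application works with.
type Customer struct {
	Name, Email, Phone, FavouriteTopping string
}

// StoredCustomer is the database row: every personal field is an AES-256-GCM
// ciphertext, so a dump of this table is useless on its own.
type StoredCustomer struct {
	ID     string
	Fields map[string]string // column -> base64(nonce || ciphertext || tag)
}

// fieldMap maps each column name to the struct field it is stored in.
func fieldMap(c *Customer) map[string]*string {
	return map[string]*string{"name": &c.Name, "email": &c.Email,
		"phone": &c.Phone, "favourite_topping": &c.FavouriteTopping}
}

// NewFieldCipher wraps a 32-byte key as AES-256-GCM.
func NewFieldCipher(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptField seals one value. Record ID and column name are bound in as
// associated data, so a ciphertext moved to another row or column fails to open.
func EncryptField(gcm cipher.AEAD, recordID, column, plaintext string) (string, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), []byte(recordID+"|"+column))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// DecryptField reverses EncryptField; tampering, a wrong key or a wrong
// row/column context all make gcm.Open return an error.
func DecryptField(gcm cipher.AEAD, recordID, column, encoded string) (string, error) {
	sealed, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	if len(sealed) < gcm.NonceSize() {
		return "", fmt.Errorf("ciphertext too short: %d bytes", len(sealed))
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(recordID+"|"+column))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

// EncryptCustomer builds the database row; it is the only path that writes PII.
func EncryptCustomer(gcm cipher.AEAD, id string, c Customer) (StoredCustomer, error) {
	s := StoredCustomer{ID: id, Fields: map[string]string{}}
	for column, src := range fieldMap(&c) {
		ct, err := EncryptField(gcm, id, column, *src)
		if err != nil {
			return StoredCustomer{}, err
		}
		s.Fields[column] = ct
	}
	return s, nil
}

// DecryptCustomer runs only where the application genuinely needs plaintext.
func DecryptCustomer(gcm cipher.AEAD, s StoredCustomer) (Customer, error) {
	var c Customer
	for column, dst := range fieldMap(&c) {
		pt, err := DecryptField(gcm, s.ID, column, s.Fields[column])
		if err != nil {
			return Customer{}, err
		}
		*dst = pt
	}
	return c, nil
}

func main() {
	gcm, _ := NewFieldCipher([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key; use a KMS/HSM in production
	row, _ := EncryptCustomer(gcm, "cust-0001", Customer{Name: "Alice Example",
		Email: "alice@example.test", Phone: "+44 7700 900123", FavouriteTopping: "pepperoni"})
	fmt.Printf("what a database dump exposes: %+v\n", row)
	back, _ := DecryptCustomer(gcm, row)
	fmt.Printf("what the application sees:    %+v\n", back)
}
```

The design choice worth noting is where the key lives: the whole point collapses if the key is stored in the same database, so in practice it is held in a KMS or HSM and the application fetches it at runtime. A fresh random nonce per field means two encryptions of the same topping produce different ciphertexts, which is why the scheme is not format-preserving and cannot be searched directly; that is the trade-off FPE exists to address.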


According to Lancope’s TK Keanini, ransomware of all types is on the rise because crypto-currencies such as Bitcoin let hackers operate with a functional currency that does not compromise their anonymity.

“While retail has been in the news lately with a lot of data breaches, if you have a lot of personal data on people, the more people you have the more attractive you are to these criminals. If you have not been hit yet, now is the time to prepare with an incident response readiness that will ensure business continuity. It is just a part of doing business in this age of the Internet.

“Domino’s in particular needs to treat this event as an ongoing business problem and not as a one-time event. They should provide leadership and expertise to all of their stores and deliver the operational visibility required to ensure early detection of this type of threat. While getting in again is likely, they must raise the cost to this adversary to hide and operate.”
