There has been a multitude of various data breaches this year alone. Several of them have involved large amounts of extremely valuable information, such as payment card data. For instance, the attacks that Chipotle and Kmart had suffered this year had targeted payment information. The reasons for attackers to target this information is quite obvious, being that they can use it to commit all sorts of fraud and illicit transactions. In yet another incident, a popular seafood restaurant in Baltimore called the Rusty Scupper had suffered a cyber attack late last year that led to payment data being compromised.
According to Select Restaurants, the parent company of Rusty Scupper, debit and credit card information had been compromised by malware. Those who had used their cards at the location between Oct. 27th, 2016 and Jan. 9, 2017 may have had their information affected. The breach had initially been investigated in March after strange activity was noticed by a third party vendor. The investigation confirmed the compromise in April, and the restaurant then worked to quickly address the issue. They have said that the malware has since been removed and it is safe to use cards at the location again. According to Krebs, the incident appears to have occurred because of an infection of the restaurant group’s point of sale vendor, 24×7 Hospitality Technology. The president of Select Restaurants Alan Donatelli had said in a statement, “Select Restaurants takes the security of our guests’ information seriously, and we apologize for the inconvenience this incident has caused our guests.” He had also said that they are still working with law enforcement and forensic investigators to ensure their systems are secure.
Not the Only Affected Location
Unfortunately, several other locations under the management of Select Restaurants were also affected by the incident. The Rusty Scupper was actually only one of about a dozen Select locations that were affected around the nation. This raises a very important point of needing to ensure the security of third party vendors. Many organizations tend to neglect evaluating the security of third parties before doing business with them, which can be quite dangerous. When a third party is breached and it affects the peripheral organizations connected to it, those organizations are still responsible as well. It was their choice to do business with the third party, and regardless of the direct breach being of the third party, the organization still holds responsibility for the protection of their own data and that of their customers or clients.
Employing Cyber Security Monitoring to Detect Attempted Breaches
One of the largest problems with breaches in the modern age is the fact that they often go undetected for quite some time, like in the above incident where it was not discovered for several months. This simply allows the threat to continue to wreak havoc in systems and networks. Cyber security monitoring is the tool which can help to prevent this type of occurrence. With proper monitoring in place, those responsible for the network and systems can be immediately notified of any anomalies or indicators. This allows them to then rapidly investigate the alerts, and address them if proving to be malicious. Having this type of awareness over networks and systems is vital with today’s threat landscape. Massive Alliance offers comprehensive cyber security monitoring services that can provide organizations a much higher level of a proactive defense.