Between the extreme flooding in the Midwest and Florence hammering the eastern seaboard, it’s been a rollercoaster these past few weeks. Couple that with the yet another security breach hitting the news and it feels like everywhere we look, there’s another awful headline. In case you missed it, British Airways disclosed that 380,000 card payments were exposed because of card skimming.
Since it’s that last news nugget that inspired me to write this, let’s dive into what happened a little more. The card skimming was virtual on both the website and mobile application. Where it gets interesting is that it wasn’t even British Airways who noticed the nefarious activity. It was a third-party who caught it and alerted the necessary agencies. It then took those agencies to finally notify British Airways (who are the largest UK airline, I might add).
This is not the first time we have seen this level of breach. For example, we saw a similar attack against Ticketmaster recently. It’s even believed that it was the same group that hit both companies. However, Ticketmaster wasn’t the sole focus of that attack. Instead, the group targeted a third-party ecommerce tool, which Ticketmaster happened to be running. The reason this attack hit both Ticketmaster’s website and mobile application was because of that shared code. Sharing code obviously allows for faster development, but this also results in shared risk. In this scenario though, it was Ticketmaster themselves who noticed the breach.
This all leads me to the question, “Who the hell at British Airways was not on top of the company’s security posture?”
I’m known for letting out large sighs. Most of my friends, family and maybe even coworkers have witnessed this. This is mostly done to supply large amounts of oxygen for further contemplation about situations such as how the Bears can continue to disappoint while a one-legged Aaron Rodgers chews up their defense.
Thank you for that slight departure while we get back to our topic of security. I made that detour because British Airways blew it just like the Bears, which pains me to say as a Chicago fan. Now I will say, this attack was methodical, strategically planned and well executed. Being in business, you have to admire that.
My main point though, is this. Instead of endlessly debating who should be responsible and when certain parties should become involved, just pick someone and get started with security at your organization. You can always adjust and make improvements, but don’t make it something you’ll get back to later. Today and going forward, there is too much risk to have security as an afterthought in your business.
As information has been revealed, it’s clear to me that British Airways did not have enough controls in place. For example, they should have had the following.
- Malware Monitoring of the Website (Including SSL Certificates) – Certificates were changed right before the attack. Nothing caught that change.
- File Integrity Monitoring – It was noticed that a key file was changed right before the attack that hadn’t been changed since 2012.
- Unauthorized Device Monitoring – The attackers were on the network for quite some time before the attack while coordinated the pieces for their plan.
If British Airways had these tools in place, this story would have played out much differently. It’s situations like this that are the reason we offer such tools in the new Advanced Security Package. They’re there to make sure your company is taking a Security First approach. Wind River curated a robust toolset to help your organization lay a solid security foundation, so you can avoid being the another security breach headline.
If you’re struggling with how to get started, Wind River is only a phone call or email away. We’d be happy to start you down the right path.
[su_button url=”/contact” background=”#5a6e16″ size=”10″ center=”yes”]CONTACT US[/su_button]
