Incident Response Plan
Sample Solution
The Home Depot incident in 2014 was a major data breach that compromised the payment information of over 56 million customers. The attack was carried out by hackers who gained access to Home Depot's network through a third-party vendor. The hackers then installed malware on Home Depot's point-of-sale systems, which allowed them to steal customers' credit and debit card information.
Was the Home Depot incident handled correctly?
The Home Depot incident has been widely criticized for the company's slow response time and lack of transparency. Home Depot did not disclose the breach to the public until over two months after it was discovered. Additionally, the company initially downplayed the severity of the breach, claiming that only the self-checkout lanes had been affected. However, it was later revealed that all of Home Depot's point-of-sale systems had been compromised.
Home Depot's response to the incident also drew criticism from the Secret Service, which conducted an investigation into the breach. The Secret Service found that Home Depot's security practices were "inadequate" and that the company had failed to implement basic security controls, such as data encryption and intrusion detection systems.
Could more have been done? If so, what?
Yes, Home Depot could have done more to prevent and respond to the data breach. Some of the things that Home Depot could have done include:
- Investing in stronger security measures. Home Depot should have implemented basic security controls, such as data encryption and intrusion detection systems. The company should also have had a more robust incident response plan in place.
- Monitoring its network more closely. Home Depot should have been able to detect the malicious activity on its network sooner. The company should have had systems in place to monitor its network for unusual activity and to alert security personnel of any potential threats.
- Being more transparent with the public. Home Depot should have disclosed the breach to the public sooner and should have been more transparent about the severity of the breach. The company should also have provided more information to customers about how to protect themselves from fraud.
- Phishing attacks. Phishing attacks are attempts to trick employees into revealing sensitive information, such as passwords, or into clicking on malicious links.
- Malware attacks. Malware is malicious software that can be used to compromise a computer system. Malware can be delivered through a variety of vectors, such as email attachments, malicious websites, and USB drives.
- Zero-day attacks. Zero-day attacks are exploits that target vulnerabilities in software that the vendor is not aware of. Zero-day attacks are particularly dangerous because there is no patch available to fix the vulnerability.