On Tuesday, February 4th Target and Neiman Marcus officials testified before the Senate Judiciary Committee. Symantec, Consumer Union, Justice Dept, U.S. Secret Service, and others testified before the committee. You can watch the entire 2 hours and 47 minutes of C-SPAN video here. The hearing focuses on protecting Americans' privacy and combating cyber crime. The Target and Neiman Marcus data breaches are highlighted, with much discussion on moving away from magnetic credit cards and direct impacts on "brick 'n mortar" stores.
In this hearing, the malware that targeted Target and Neiman Marcus is often referred to as "advanced" and how it was so sophisticated that it avoided multiple layers of detection systems (i.e. IDS, A/V, DLP, etc.), which is another topic for discussion when it comes to signature-based solutions. But just as my friend and colleague Brian Moran points out, the Target malware from the viewpoint of a seasoned incident responder and forensic examiner, is only as sophisticated as it needs to be to steal data. Brian states, "Cyber criminals will continue to use malware that is only as advanced as it needs to be to allow the compromise, collection, and exfiltration of data." In my previous post, I also discussed of how we all can turn this information into actionable intelligence.
With data breaches, NSA data collection debate, and consumer privacy being at the forefront of news and debate...future legislation will have a direct effect on the entire country going forward. What are your thoughts? Leave me a comment.