Data Breach Preparation

The Home Depot Data Breach is the second largest data breach on record. It has or will affect up to 56 million debit or credit cards. A trusted vendor account, coupled with the use of a previously unknown variant of malware that allowed the establishment of a foothold, was the entry point into the Home Depot network. Once inside the perimeter, privilege escalation provided an avenue to obtain the desired information. Home Depot did, however, learn some lessons from Target. Home Depot certainly communicated better than Target, procured insurance, and instituted as secure an environment as possible. There are specific measures an institution should undertake to prepare for a data breach, and everyone can learn from this breach. Publicly available information about the Home Depot Data Breach provides insight into the attack, an old malware variant with a new twist. While the malware was modified as to be unrecognizable with tools, it probably should have been detected. There are also concerns with Home Depot's insurance and the insurance provider's apparent lack of fully reimbursing Home Depot for their losses. The effect on shareholders and Home Depot's stock price was short lived. This story is still evolving but provides interesting lessons learned concerning how an organization should prepare for it inevitable breach.