What Solutions Providers Can Learn From The Potential Wendy's Data Breach

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.bsminfo.com/doc/what-solutions-providers-can-learn-from-the-potential-wendy-s-data-breach-0001

The year 2014 saw the likes of Target, Home Depot, and JPMorgan Chase
targeted for fraudulent activity, and 2015 followed with T-Mobile, CVS, as
well as the Anthem breach that affected one in three Americans.

While 2016 started off with headlines of a Time Warner customer data breach
affecting 320,000 customers, the recent news of Wendy’s food chain being a
potential victim could affect far more as their 6,500 locations are in
every major market nationwide.

While the breach itself is still under investigation, it’s at the very
least a security reminder to your IT clients that are business owners and
their customers. In a time when data breaches are becoming commonplace,
both sides have to be even more vigilant in how they protect themselves
from falling victims to such attacks.

Many people can’t even begin to understand the motive behind such attacks.
Jeremy Gumbley, CTO and CSO of Creditcall, explains, “Hackers want more
than a burger and your credit card details, they want the recognition that
comes with infamy — and they will stop at nothing. Understanding what
motivates cyberthieves and their relentless drive for highly sensitive data
should be a wake-up call to retailers, restaurants, and merchants regarding
the imperative need to embrace a multipronged approach to payment card
security (referred to as the ‘Holy Trinity’ and inclusive of EMV,
point-to-point encryption [P2PE] and tokenization).”

Remind your IT clients that the name of the game is persistence and keeping
your guard up. Rather than wait for headlines, taking a proactive approach
in terms of reviewing statements and keeping an eye on all systems goes a
long way in protecting businesses.

And there’s more at stake here. Beyond the potential for Wendy’s to get hit
with a hard dollar amount to pay back, there’s residual harm something like
this can cause to the chain. These are some of the same things that hit
Target when their breach happened in 2014 and the subsequent fallout that
lingered. Things like consumer trust in their brand, stock prices,
marketing spend to regain trust, and technology investments to all but
outright protect against another breach.

It’s the idea of a pebble dropped in water and how those waves can carry on
and affect so much more.

Jeremy Gumbley goes on to say, “Wendy’s data breach offers lessons for
large and small retailers alike — again, hinged on the need for a
multipronged payments security. EMV is a great first step, but it alone
cannot prevent a data breach. P2PE is a fantastic complement, and for
optimum comprehensive security, tokenization is an essential part of the
mix.”

VARs and solution providers take note. While fear mongering isn’t
necessarily a sound business platform, bringing these truths up with
prospective clients is an absolute must when outlining a sound security
plan. To stop short of risks and how to address them is only doing a
disservice to yourself and your customer base.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Need access to data breach details or alerts when new breaches happen? Risk Based Security's Cyber Risk Analytics 
portal, fueled by the RBS breach research team, provides detailed information on how data breaches occur and which 
vendors to trust. Contact us today for a demo.