News
Acer suffers data breach through online store - expert comment
June 2016 by Paul Fletcher, Cyber Security Evangelist at Alert Logic
Acer has suffered a data breach on its e-commerce site due to the unauthorised access of a third-party. Acer is not saying how many users were affected by the intrusion, but revealed that data such as names, addresses, payment card numbers, card expiration dates and three-digit security codes (CVV numbers) may have been compromised.
If you are planning on covering this news, or wish to add some expert commentary to an existing piece you may have already written on this research, please see below from Paul Fletcher, cyber security evangelist at Alert Logic.
"This breach seems to reflect a familiar pattern. Attackers had access for a long period of time - research shows that attackers sit inside victim’s infrastructure on average for 200+ days before being discovered. Breaches are often linked back to partners or 3rd party vendors, which provide an access point for attackers.
Knowing that this is a frequent attack scenario, organisations need to take quick action to operationalise the premise that they have already been hacked. Organisations need to dedicate resources to go on the offensive and actively hunt internally to find indicators of compromise. Organisations should have a robust third party due diligence program as part of their security program.
Maybe it’s time for companies to invest resources (people and money) to help enhance the cyber security capability of the smaller, speciality vendors. Typically the 3rd party vendor is a smaller organisation with a speciality in a certain area, but don’t have the resources for security professionals or tools to help avoid these types of breaches. Vendors like Acer certainly have an interest in making sure their 3rd party vendors are secure, so it may be worth it to invest in an external security service provider.”
