The latest cybersecurity that occurred at fast food/drive up chain Sonic is another sad example of how the use of antiquated legacy systems and process are a threat to us all. I like Sonic. I buy there. What I don't buy is losing my credit/debit card info because I like their New York dogs.
How this latest breach happened is something we the public might never know the full details of, but it's a safe bet to say that somebody dropped the ball.
My inclination is to believe that they are relying on things that are no longer enough. Things like antivirus. I have a computer that runs like crap when I use antivirus. So for this one system, it doesn't have anything like that running on it. It's an old P-O-S anyway, but a funny thing happened in the 3 plus years I've had it - NOTHING. Are viruses a threat? Sure. But endpoint protection is fallible, and if that's your plan for security, and firewalls, and whatever "walls of protection" methodology you have in place, well good luck.
Things have changed.
There are far too many increasingly evasive and sophisticated threats to fight with dated tactics and dated technology. Not only that, things move so quickly and people are targeting the payment infrastructure. Nobody is safe, even good old Sonic.
Hackers have an easy time at getting through those barriers.
So what to do? Retailers need to prepare for the reality that in time, these attacks will be more frequent. Both on the known attack front and the unknown attack front. Response-based and risk-averse planning is required. These organizations must also arm themselves with advanced technologies, using intelligence, analysis, and encryption throughout the stack. Only then can the threats of malware, ransomware, penetrating attacks, and data exfiltration be dealt with.
Anyone know how to cook a dog the right way? Please send tips. and recipes.