Compliance-based security doesn’t always provide protection against determined attacks. This was the unfortunate case in the recent breaches of Target, Neiman Marcus, and Michaels Stores. According to the investigation, the retail chain was aware that such a breach could happen, but it still ignored the warnings.
“Michaels knew that its POS systems were vulnerable to attack. Dr. Neal Krawetz, a cyber-security expert, published a white paper in August 2007 alerting major retailers, including Target, to the risk of POS cyber-attacks,” said Tom Loeser, a Hagens Berman partner and former federal prosecutor in the Cyber and Intellectual Property Crimes Section of the U.S. Attorney’s Office in Los Angeles, in a statement.