During recent discussions with retail professionals, I've been trying to determine the level of concern regarding cybersecurity. I realize that it's largely an IT issue, but with all the talk of convergence between IT and physical security, I wonder how long we can silo cybersecurity?
Here is a great article by Wired.com about the security breach at Wal-Mart in 2005 and 2006.
Internal documents reveal for the first time that the nation’s largest retailer was among the earliest targets of a wave of cyberattacks that went after the bank-card processing systems of brick-and-mortar stores around the United States beginning in 2005. The details of the breach, and the company’s challenges in reconstructing what happened, shed new light on the vulnerable state of retail security at the time, despite card-processing security standards that had been in place since 2001.
At the same time, attacks were under way on TJX, Barnes & Noble and other stores, which resulted in more than 100 million stolen credit card accounts. In case you missed it, Albert Gonzalez pleaded guilty this month to carrying out many of those breaches with other hackers, and is facing 15-25 years in prison.
BUT, here's the sentence that caught my physical security attention:
The intruder had reached the machine through a VPN account assigned to a former Wal-Mart worker in Canada, which administrators had failed to close after the worker left the company.
That's a physical security issue, is it not?