Security tools can't keep hackers at bay

Analysts say hidden breaches like one that exposed credit card data of Schnucks supermarket customers for four months could become commonplace.

For a few months earlier this year, the personal data of customers of the Schnucks supermarket chain was exposed to hackers whose work went undetected until after a card processing company issued an alert about fraudulent activity on a handful of credit and debit cards used at the stores.

Even after the alert was issued, it took a while to determine the cause and close the breach. In an initial probe, Schnucks quickly ruled out insider theft or faulty point-of-sale machines as causes. The St. Louis-based retailer then hired Mandiant, a cybersecurity firm, to pursue the investigation, but even Mandiant's specialists needed about two weeks to find and plug the breach, and then secure the company's systems.

Analysts say such delays in finding and closing breaches could grow more common because hackers are getting more sophisticated and the security tools needed to keep them at bay are mostly still in development.

The difficulties encountered by the Schnucks security team and the security experts from Mandiant show how good online attackers are getting at concealing their tracks, said Avivah Litan, an analyst at Gartner. "You'd think they would have figured out what to shut off or at least how to control traffic" to stop data leaks, she added.

Increasingly, attackers are resorting to techniques like hiding stolen data inside legitimate files and encrypting data to evade detection, she said. "They cloak their malware or hide it within seemingly innocuous files so that it's very difficult to detect," she said.

"[Today's] network and enterprise security tools are not smart enough to detect the hacking when it occurs," and they might not even uncover such activity in a matter of hours or even days, Litan said.

To continue reading this article register now

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon