Why Target Breach Was Preventable
Adam Tegg of Wontok Solutions on Fighting Malware
The Target retail POS breach is the most talked-about incident in recent memory - and it was entirely preventable with available security solutions, says Adam Tegg, CEO of Wontok Solutions.
Malware attacks against merchants are on the rise, Tegg says, and to mitigate risks organizations must prioritize their deployment of updated technology platforms and effective security strategies.
In a video interview recorded on the expo floor of RSA 2014, Tegg discusses:
- Why the Target breach was preventable;
- Malware trends to watch;
- How to prepare for the pending Windows XP support expiration.
Tegg brings a wealth of experience in delivering growth and development strategies for innovative companies to Wontok, where he leads the company's overall strategy and direction. He played an integral role in Wontok's acquisition of SafeCentral in 2011, and has transformed Wontok into a channel-centric global cloud and endpoint security solutions company. He is a seasoned high-tech and telecommunications professional with 10+ years working in the sector. Prior to co-founding Wontok in 2005, Tegg delivered the rapid growth and ultimately the successful sale of Protel Group. Prior to this he worked at Barclays Capital, Credit Suisse and KPMG.
Why Target Breach Was Preventable
TOM FIELD: Tell us a little bit about Wontok.
ADAM TEGG: Wontok is an information security company established in 2005 with offices in Australia, the U.S. and Hong Kong. We specialize in advanced solutions for advanced threats. What we're really passionate about at Wontok is the distinction between prevention and detection, particularly as it relates to emerging threats, but also emerging targets such as merchant retailers.
FIELD: You say the Target breach was preventable. I'm going to put you on the spot and ask: How?
TEGG: POS terminals that are essentially Windows machines, the problem is from a security perspective, they are treated like a Windows machine. Some have AV, probably a firewall, and probably some form of application. But you have to ask yourself, is this an appropriate level of security for what is essentially a dedicated financial transaction machine? At Wontok, we would say no. You require a higher level of security, and that would mean putting the POS terminal inside SafeCentral, the correct [way] to secure [a] pristine environment from which the POS session can run. Now in the case of the Target attack, if the Target POS was running inside SafeCentral, then this attack was entirely preventable, yes.
Malware Threats, Defenses
FIELD: What is the escalating impact of advanced malware trends on both merchants and financial institutions?
TEGG: In terms of trends, we're seeing two major things; the first of which is the accessibility of sophisticated malware tools, and also the ever-decreasing cost. If you look at it from one perspective, the barriers to entry are ever-decreasing. The second trend we're seeing is the ever-broadening target market. What we're seeing is POS terminals, most recently, are subject to these threats.
FIELD: How does your solution add another layer to security defenses?
TEGG: SafeCentral is a heightened security solution that sits at the [corner] of the Windows operating system. When SafeCentral is installed on a POS terminal and running, you are creating a pristine environment from which malware can't operate. SafeCentral POS does not replace existing security solutions, but is another layer providing a pristine environment from which malware can't run.
FIELD: In terms of antimalware trends, what are some of the best practices that you and your customers have developed?
TEGG: It starts with just psychology. You need to approach it from the perspective that, "I have already been attacked. There is malware in my environment." I think Peter Firstbrook said it best when he said, "Accept that there is malware in your environment, and do something about it." So if you accept that, you create a layered security approach. A complement of measures starting with traditional reactive approaches, antivirus ideas and the like, but also proactive measures; we put SIEM, APT, and SafeCentral in that bucket.
Windows XP Concerns
FIELD: Let's talk about the pending Windows XP support expiration. What impact do you see that having on organizations?
TEGG: Businesses have been [made] well aware of XP end-of-life for a long time. Notwithstanding that, many businesses and systems have still struggled to move or migrate to new operating systems. Now that is primarily due to cost and complexity. There is no lack of awareness; it is not an apathy thing. It's cost complexity and the inter-dependencies of these systems. Where this is particularly [evident] are environments like POS, where I believe 95 percent of terminals are running embedded XP. ATM networks are similar; likewise these environments may require a hardware upgrade in order to facilitate the upgrade. What we do as a security company is look at this problem and think, "How can we help businesses with this threat landscape?" One of the things we would propose is that by putting the XP machine inside SafeCentral, they are getting the heightened level of confidence. Even if malware was running in that environment it would not be able to operate.
FIELD: How do you get organizations to shift their focus from detection to prevention? What are some of your specific recommendations?
TEGG: If you are a worthy target, then you can be sure at some point you are going to have malware in your environment. So [while] detection and mitigation are important, prevention is also essential, particularly for your critical systems. By way of critical systems, I would say your POS terminals, PCs of high net worth individuals, anything that is running sensitive data. You need to make sure that you have a preventative measure in place as well as mediation and detective measures.