Sunday, February 23, 2014

Security alert fail

News flash to IT security professionals: If you are depending on an alert system that generates 10,700 messages a day that require manual processing to determine if any are fraudulent or not, your alert system is not working.

This article says that this is exactly what happened at Neiman Marcus while credit card data was being stolen. The investigators reported that the 60,000 alarms over the three and a half months of the attack were not noticed because they represented about one percent of the total number of alarms (which I extrapolated into 10,700 alarms per day).

No comments: