News flash to IT security professionals: If you are depending on an alert system that generates 10,700 messages a day that require manual processing to determine if any are fraudulent or not, your alert system is not working.
This article says that this is exactly what happened at Neiman Marcus while credit card data was being stolen. The investigators reported that the 60,000 alarms over the three and a half months of the attack were not noticed because they represented about one percent of the total number of alarms (which I extrapolated into 10,700 alarms per day).
No comments:
Post a Comment
Well-thought-out comments by intelligent people are encouraged. Other comments will be deleted or not approved. Note that anonymous comments are allowed; feel free to include your handle in your comment.