Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Hannaford Data Breach Blamed On Malware: Page 3 of 4

In its letter, according to The Boston Globe, Hannaford said it had been certified in February to be compliant with the Payment Card Industry security standard, known as PCI.

But Lumension's Andrew cautioned that PCI standards are just guidelines that are open to interpretation. He said stores still need to invest in their own security programs. "Retail is a sector which is not known for high-security in particular," he said. "It's not military networks, it's not banks."

Maybe it should be. Fred Pinkett, VP of product management at security auditing company Core Security Technologies, expects that the retail industry will be targeted with similar attacks in the future. "It's where the money is," he said. "The security landscape has shifted from people trying to make a name for themselves to people trying to keep hidden. You definitely will see more attacks."

Pinkett argues that penetration testing is critical. "We would suggest that companies have a good penetration regime in place so they can find the vulnerabilities in their systems before the hackers do," he said.

Sentrigo's Markovich advised that companies hoping to avoid a similar fate use standard tools to encrypt all of their network traffic, rather than select traffic, as Hannaford reportedly did. He also suggested using activity-monitoring systems on the network and database, in conjunction with periodic network and endpoint audits.