Heartland 'low and slow' data breach not likely at SMBs?

Reporters hear this a lot when it comes to SMB security: The security risks facing small and medium-sized businesses (SMBs) are often identical to those at big companies, only different in scale. The spam and viruses coming through email are as much a plague on SMBs as they are on the big guys. Ditto for worms and bots.

But the malware that surreptitiously burrowed into Heartland Payment Systems Inc. months ago and was just now discovered to have stolen a massive amount of credit and debit card data?

“I don’t think that would happen at an SMB,” says Rick Caccia, a VP of product marketing at security vendor ArcSight Inc. SMBs see their share of “smash and grab” attacks, where some malware breaks through a firewall and steals a bunch of information or infects a bunch of computers. “It’s a big pain for a while, but then you clean up afterwards.”

But the type of “low and slow” attack perpetrated on Heartland, where intruders plant a bit of malware that quietly collects information, wakes up and spits back credit card numbers to some domain, is not a top risk item for SMBs, contends Caccia, who ran the email and security products for SMBs and large companies at Symantec prior to joining ArcSight.

Never say never, says Caccia, but size matters in data breaches. “That’s a kind of attack you wouldn’t put in a law firm. You’re going to get like, 50 credit card numbers.” Where’s the criminal return on investment? In contrast, Heartland processes more than 100 million credit card transactions per month.

But there is a “low and slow” attack that SMBs do need to worry about, he says.

“The [Heartland] attack is similar to these botnet infections where users go to a bad website and pick up a new bot.” Like the low-and-slow attacks, the bots are hard to catch, says Caccia.

“They just don’t send much traffic, so the antivirus vendors can’t create signatures for them. They sort of lay there quietly, wake up and spit out some spam,” he said.

The data breaches most likely to affect SMBs, he contends, bubble up from within, from malicious or ignorant users accessing data they shouldn’t.

“Despite the flash, I am not sure all these credit card harvesting [schemes] are actually something they have to worry about,” Caccia says.

Do you agree that you don’t have to worry about the Heartland-type data breach? Do you go after bots — and if so, how is it part of your SMB security strategy?
