Home Depot Cyberthieves Took Advantage of Security Upgrade Delays

For those corporate employees who get frustrated by the slowness of decisions and the glacial pace of deployments, take comfort in the fact that this slowness was a gift for cyberthieves who wanted to—and successfully did—attack Home Depot. The attackers literally took advantage of the slow reaction time of the huge chain to make its attack effective.

Cyberthieves “move quickly to exploit flaws—unlike the decision-making and drawn-out testing procedures that corporations use when making big changes to store systems. That difference can leave retailers hopelessly behind their new adversaries,” said a Wall Street Journal report on the attack. It quoted one Home Depot insider saying: “You are always responding. You never can catch up to where (cyberthieves) are.”

The story said that one month management and security teams to agree on their shopping list of protection tools, which would require extensive system upgrades. “The security team at Home Depot faced challenges similar to those at other large retailers. The networks are sprawling and deeply interconnected,” the story said, adding that if a cybererthief “could find one weakness, he might be able to tunnel across the networks to more sensitive data.”

Another wrinkle: Home Depot hadn’t completed an already-planned 80,000-POS upgrade to support EMV, which needed to happen before the security upgrades could be deployed. It’s original plan had been to deploy EMV systems by next year, but the Target breach scared Home Depot into accelerating that EMV rollout so that it was completed by the summer of 2014.



The pressure on banks to modernize their payments capabilities to support initiatives such as ISO 20022 and instant/real time payments has been exacerbated by the emergence of COVID-19 and the compelling need to quickly scale operations due to the rapid growth of contactless payments, and subsequent increase in digitization. Given this new normal, the need for agility and optimization across the payments processing value chain is imperative.

Click to comment