Yesterday morning, ZDNet published an article following up on Wawa's data breach, announced in late December: PCI information from 30 million customers has been released for sale on Joker's Stash.
I've said this before, and I'll keep saying it: we have to be right every single time, with no delay; they have to get lucky once. The largest data breaches of the last decade were almost universally allowed to happen because there was absolutely no visibility into what traffic should be allowed and what was anomalous, which gave malicious actors weeks, months, and even years to go after the holy grail of information: PCI information.
If you can visualize your traffic, you can analyze it, create policies to protect it, and respond and mitigate in minutes to hours rather than days, weeks, months, or even years. If you follow the Zero Trust model, you can enforce a whitelist policy that blocks any traffic it does not specifically allow. Mitigation and response become a matter of analytics and reporting rather than lost time, money, and trust.
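The default-deny policy described above, as an added example that is not part of the original post: a flow is permitted only if a whitelist rule explicitly matches it, and everything else is reported with its first-seen time so unexpected traffic is visible on day one. The point-of-sale segment, rules, addresses and flow records are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str    # source CIDR
    dst: str    # destination CIDR
    port: int   # destination port
    proto: str  # "tcp" or "udp"

# Constructed whitelist for a hypothetical point-of-sale (POS) segment.
WHITELIST = [
    Rule("10.20.0.0/24", "10.30.0.10/32", 443, "tcp"),  # POS -> payment gateway
    Rule("10.20.0.0/24", "10.30.0.53/32", 53, "udp"),   # POS -> internal DNS
]

# Constructed flow records: (timestamp, src, dst, dst port, protocol).
FLOWS = [
    ("2024-01-01T02:11:00", "10.20.0.15", "10.30.0.10", 443, "tcp"),
    ("2024-01-01T02:12:30", "10.20.0.15", "203.0.113.7", 443, "tcp"),
    ("2024-01-01T02:13:05", "10.20.0.15", "10.30.0.53", 53, "udp"),
    ("2024-01-02T09:00:00", "10.20.0.15", "203.0.113.7", 443, "tcp"),
    ("2024-01-02T09:01:00", "10.20.0.22", "10.20.0.15", 445, "tcp"),
]

def is_allowed(src, dst, port, proto, rules=WHITELIST):
    """Default deny: a flow passes only if some rule explicitly matches it."""
    return any(
        ip_address(src) in ip_network(r.src)
        and ip_address(dst) in ip_network(r.dst)
        and port == r.port and proto == r.proto
        for r in rules
    )

def violations(flows, rules=WHITELIST):
    """Group denied flows by (src, dst, port, proto) -> (first seen, count)."""
    seen = {}
    for ts, src, dst, port, proto in flows:
        if is_allowed(src, dst, port, proto, rules):
            continue
        key, when = (src, dst, port, proto), datetime.fromisoformat(ts)
        first, count = seen.get(key, (when, 0))
        seen[key] = (min(first, when), count + 1)
    return seen

if __name__ == "__main__":
    report = sorted(violations(FLOWS).items(), key=lambda kv: kv[1][0])
    for key, (first, count) in report:
        print(first.isoformat(), *key, f"denied x{count}")
```

Both denied flows surface here even though they use ordinary ports: the outbound connection on 443 and the terminal-to-terminal connection on 445 are rejected because no rule names them, not because they match a known-bad signature.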
Thanks for reading!
According to Wawa, the malware operated for months without being detected, from March 4 until December 12, when it was removed from the company's systems.