APT in action: The Heartland breach

Heartland Payment Systems CTO Kris Herrin talks about the attack that changed his views on data security

In late 2008, a group of hackers succesfully broke into the network of Princeton, N.J.-based payment processing giant Heartland Payment Systems. The hackers stole data from more than 100 million credit and debit cards on the company's network that serves the card-processing needs of restaurants, retailers and other merchants.

The hackers spent weeks gathering intelligence on Heartland's networks, systems, corporate structure and employee roles, according to Kris Herrin, the company's chief technology officer. This level of persistence defines the new threat landscape for all businesses today, Herrin says, and dramatically changes how organizations need to think about data security. Security leaders today need to assume their systems and networks are compromised and begin focusing on securing-or getting rid of-the data itself, he says.

We spoke with Herrin about the new threat landscape and how the 2008 breach transformed his outlook on data security.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

To continue reading this article register now

Join the discussion
Be the first to comment on this article. Our Commenting Policies