TK Maxx ruling prompts sales pitch

Security resellers have been urged to use the conclusion of the TK Maxx theft case to cash in on potential opportunities in the retail sector.

The US Department of Justice this month charged 11 conspirators for their part in the “largest hacking and identity theft case ever prosecuted”.

The culprits captured information on up to 100 million debit and credit cards, including those of customers of TJX, the parent company of UK clothing giant TK Maxx.

The ruling immediately sparked fears that UK retailers are leaving themselves open to similar attacks.

Dominic Storey, EMEA technical director at intrusion prevention (IPS) vendor Sourcefire, said: “The TK Maxx story is quite insightful. They had IPS and firewalls and they were not stupid, but they did not have a way of checking what was changing on their networks.”

He also advised VARs to assume a three-dimensional approach to prevent similar breaches occurring.

This comprises protection not only against bad people, but also against bad traffic and bad configurations, he said.

“Our message to the channel is to educate customers that they need to think in three dimensions and look at products and solutions that can deal with each aspect of the threat landscape,” Storey explained.

Graham Jones, UK managing director of security integrator Integralis, said: “Horror stories such as this help us. But we are already running many Payment Card Industry (PCI) advice workshops, so most of the retailers we work with are up to speed.”