APT in action: The Heartland breach

Heartland Payment Systems CTO Kris Herrin talks about the attack that changed his views on data security

In late 2008, a group of hackers succesfully broke into the network of Princeton, N.J.-based payment processing giant Heartland Payment Systems. The hackers stole data from more than 100 million credit and debit cards on the company's network that serves the card-processing needs of restaurants, retailers and other merchants.

The hackers spent weeks gathering intelligence on Heartland's networks, systems, corporate structure and employee roles, according to Kris Herrin, the company's chief technology officer. This level of persistence defines the new threat landscape for all businesses today, Herrin says, and dramatically changes how organizations need to think about data security. Security leaders today need to assume their systems and networks are compromised and begin focusing on securing—or getting rid of—the data itself, he says.

A clear-eyed view of APT (CSO Insider digital spotlight)

We spoke with Herrin about the new threat landscape and how the 2008 breach transformed his outlook on data security.

CSO: Tell us what tactics hackers used to successfully infiltrate Heartland's systems.

To continue reading this article register now

Subscribe today! Get the best in cybersecurity, delivered to your inbox.