Security is largely a game of defense. It means investing time and energy into preventing bad things from happening. Getting it right means making choices to address known, likely events. And then hoping.

Last year, attacking the memory of point of sale (POS) terminals was considered too “complex and sophisticated.” Target, Neiman Marcus, and others are proof that it’s possible.

Does that mean it's time to focus on this as a known, likely attack?

According to Ron Gula, CEO of Tenable Network Security, we should. He explained, "Attackers follow the money. POS systems have been targets a lot in the news. There have been skimmers and wifi attacks for the past several years against POS systems."

With warnings of more attacks of the same style, the more important question is: what, if anything, have you done about it?

Shifting perspective: the importance of detection

Since writing Into the Breach, my perspective is shifting a bit. Overlooked on the upside of the Target breach was the speed of the detection. It appears that detection was external.

What about internal detection?

The risk of attacking the RAM on POS terminals is at least four years old. More imminent threats surfaced in the last six months. That means internal detection was possible.

As "fast" as the external detection was, internal strikes me as a quicker, and therefore less expensive and embarrassing, approach. Even if you weren't looking for it before, there is no excuse to ignore it now.

To ease the process, Ron Gula recently posted insights on how to tune detection systems to look for indicators of compromise of the POS terminals (it's a technical read, but packed with insight).

Is detection just for the big guys?

In the wake of large company breaches, smaller organizations falsely conclude their lower profile puts them at less risk.

Ron Gula disagrees and explains that "Every retailer should be concerned. All POS systems are on networks.
Anyone on these private POS networks could implant malware or could make a mistake and hook these devices up to the Internet."

Ron also pointed out that "'Mom and Pop' shops are also likely to have malware" due to a reliance on insecure Windows systems connected to the Internet.

That means that larger shops need to evaluate the tools and techniques to make sure the right information is captured, analyzed and acted on. Smaller shops can either leverage tools like Nessus or work with practitioners who do.

Allocating attention and resources to detection could make the difference. Use the lessons of others to guide the strategy and investment in your detection capabilities.

Two actionable lessons from Target and Neiman Marcus

Smart security leaders are using the recent breaches to start discussions and ensure their programs are able to handle:

- POS RAM attacks: we now have evidence that attackers are exploiting this successfully. And no, chip and PIN would not have prevented this sort of attack. Are you now looking for this sort of attack?
- Passwords/access from systems: instead of questioning how it happened, consider how to detect this sort of attack. Ask your team what they would do if it were discovered early. It might take some work to get those answers squared away.

Action starts with a conversation

An important first step is to have this conversation with your executives and the team responsible for monitoring. Include the team responsible for response, too. Engage in regular, meaningful dialog based on evidence.
Retail not your thing? The alleged method of compromise through connected systems applies to all organizations.

As part of the approach, make sure you’re monitoring at least two things:

- What we’re learning about: attack vectors from public breaches and whether you're prepared to detect (and respond to) them
- What you’re worried about: either because it’s high value, or because you realize it’s a vector that hasn’t been addressed yet through prevention

In addition to your own efforts (if any), rely on the resources of the industry. Tenable and others routinely share research and insights. Just remember that's the starting point.

Breaches are part of our fabric now. While prevention remains important, faster detection with the right response is essential.