May 2017: The Month of Security Fail

As this month comes to a close, the WannaCry ransomware outbreak still has organizations scrambling to ensure the necessary Windows patches are in place before the next permutation of this exploit is released into the wild.  For those who prefer a Linux environment for file sharing and storage, a similar vulnerability was discovered to have been lurking in Samba for seven years.  Patch management must always be part of everyone’s standard operating procedure when it comes to utilizing technology.  The fine folks at Synology have already released a patch to ensure the Samba implementation on their devices will no longer be vulnerable to this flaw.

When vendors take responsibility and quickly address these types of issues, the relationship built between customer and supplier is further solidified.  Over the past few years, many brick-and-mortar retailers have failed to prevent breaches that manifested and persisted over extended periods of time due to malware leveraging unpatched vulnerabilities.  The whipping boy of this week happens to be Chipotle Mexican Grill.  It’s a shame that there aren’t any reference case studies or peers within the retail industry that would have information relating to best practices to prevent this type of incident from occurring again.  Oh wait… there are.

The fine folks at Home Depot owned their mistake and provided credit monitoring services for customers that were affected during a comparable breach in 2014.  Chipotle’s take?  They’re opting to kick the can and are more than happy to provide links where customers can request free reports, but they’re not willing to “own” their mistake as T-Mobile, Home Depot, Wendy’s, and any other retailers that place the appropriate value upon their customer base have done.  For the new 2017 premium that customers pay for “quality ingredients” and “an ethical supply chain”, it would be far more beneficial to include a side of proactive security and monitoring at no additional cost.

Based on the response to this event, if you still enjoy the food and want to support a company that won’t support its inconvenienced customers (the scope of the inconvenience will manifest as the stolen payment data is abused), we’d strongly recommend one of the following options:

1.) Old school payment methodology:  Cash is king, and the risk of your payment information being stolen or misused quickly trends to zero.

2.) Gift cards:  Visit your local retailer that sells Chipotle gift cards and use a cash-back credit card at this non-Chipotle retailer to obtain an alternate form of currency that doesn’t require cash or a trip to the ATM.  The rewards program at the retailer of choice may be combined with another incentive program to further stretch your dollar while reducing the risk of exposing your payment information.

 

 
