In late 2008, a group of hackers succesfully broke into the network of Princeton, N.J.-based payment processing giant Heartland Payment Systems. The hackers stole data from more than 100 million credit and debit cards on the company's network that serves the card-processing needs of restaurants, retailers and other merchants.
The hackers spent weeks gathering intelligence on Heartland's networks, systems, corporate structure and employee roles, according to Kris Herrin, the company's chief technology officer. This level of persistence defines the new threat landscape for all businesses today, Herrin says, and dramatically changes how organizations need to think about data security. Security leaders today need to assume their systems and networks are compromised and begin focusing on securing-or getting rid of-the data itself, he says.
- Introduction: A clear-eyed look at APT
- In depth: What does APT really mean?
- APT in action: The Heartland breach
We spoke with Herrin about the new threat landscape and how the 2008 breach transformed his outlook on data security.