Thinking beyond the Global Payments breach

Almost everyone in a security role at an organization other than Global Payments probably breathed a big sigh of relief along the lines of, “Boy, am I glad it wasn’t me.”

In case you missed the news, see:

Breach Hits Card Processor Global Payments at the WSJ

MasterCard, VISA Warn of Processor Breach at Krebs on Security

And for all we know, some security folks in the know at Global Payments might even be whispering, “We told you so…”

If this sounds like you, it probably is.

Recent discussions with some CSOs and CISOs indicate it may be time to reevaluate the current approaches to detecting vulnerabilities, infections, and threats, if what happened at Global Security is beyond normal due-diligence and practice.

Some of these people have said that their web applications and systems are routinely infected, and that pretending otherwise is simply foolish and blind. These same people say what’s needed is something that ordinary systems and network administrators can easily use, that will readily identify the proverbial needles in the haystack in situ, and that allows rapid decisions so the highest-risk problems get tackled first.

If this sounds like you, it probably is.

If you’re like these people, it may be time to think beyond the problem that surfaced at Global Payments today, and to rethink how we can use our resources effectively and keep the hidden needles from causing more damage. If your networks are already infected and you can’t triage them effectively and fast enough today, then how will you climb out from behind this potentially no-win posture?

Let us know what you think these might be and we’ll share what we find out.
