Increasingly, attackers have been resorting to techniques like hiding stolen data inside legitimate files and encrypting data to evade detection. "They cloak their malware or hide it within seemingly innocuous files so that it's very difficult to detect," she said.
Existing forensics tools are not good enough at finding these attacks within hours, or even days, she said. "And the network and enterprise security tools are not smart enough to detect the hacking ... when it occurs.
"What's needed, and what some tech startups are working on, is behavioral modeling, base-lining and profiling of all nodes and communication ports in an internal network so that abnormal activity and communications can be detected -- even if the activity is only active a few seconds a week," Litan said.
"Of course this is very difficult to pull off without a lot of false positives and noise in the system, but this is what's needed," she added.
Jim Huguelet, principal of the Huguelet Group LLC, a firm that advises companies on compliance with credit card security standards, said the amount of time it took Schnucks to isolate the cause of the breach is longer than is typical.
"This could indicate that the malware was custom-written for Schnucks' environment or utilized unique techniques to hide its existence," he said.
"The number of cards compromised is significant given the relatively small size of the Schnucks chain and just proves that retailers of all sizes must be diligent in their protection of their payment processing systems," Huguelet said.
Schnucks did not respond to a request for comment.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld.