Target Security Breach Case Study

868 Words4 Pages
Security Principles
As the rise in information sharing outlets gain momentum, so do the reports of the theft or loss of sensitive company and customer information and the theft of intellectual property. Security breaches happen nearly every day and according to Proofpoint Inc., a company that provides professional information security, more than a third of companies fall victim to the unauthorized exposure of information. Businesses not only suffer the loss of data when these attacks occur. Breaches could potentially disrupt the company’s ability to function and compromise their reputation.
Dependence on information technology makes information assurance a key element to keeping businesses safe and there are several principles that should be
…show more content…
You can have the latest most sophisticated security technology, but if your employees are incompetent, that technology is useless. This was exactly the case for one of the most televised security breaches in recent history, the Target breach. Over 350,000 customer’s credit and debit card information were stolen. This was completely preventable. Target failed to segregate the systems payment card data from the rest of its network. An HVAC company that worked for Target had access rights to Target’s network for the purpose of remote energy consumption monitoring. The hackers were able to steal the HVAC company’s login credentials and from there uploaded malware programs on the POS systems in order to collect the credit/debit card information. Half a year prior to this event, Target spends $1.6 million on a high-end anti-malware system called FireEye. This system uses a virtual LAN to trick hackers into thinking they are in the main system and from there automatically takes care of the issue. But how could the system be breached with this sophisticated technology in place? It was turned off. At least the part that automatically takes care of threats. It actually sent out several alerts that were repeatedly ignored. Needless to say Target’s reputation will take a very long time to recover. I would also highly recommend that Swagger take a defense-in depth approach to its security. If one security measure fails, another is likely to detect and destroy it. Not having enough layers to security was the main cause to the SONY Pictures information breach. Terabytes of personal information was taken, the criminals destroyed SONY’s computer information and even threatened the staff. If SONY had the proper layers to their security system such as an alert system, this would not have happened. There

More about Target Security Breach Case Study

Open Document