The Target Breach – You Are Only as Secure as Your Partners Are
- Importance of supplier management
What many companies fail to understand is that cyber security isn’t isolated to your own company and data systems. Not only is your firm’s security crucial, your partners must be protected as well. Any vendor that has a link or access to your firm’s data is a potential entry point for a breach. Target learnt this the hard way. It is the same principle as safe driving: it only takes a single driver not abiding by the rules for an accident to occur, even if everyone else abides by all the safety procedures and precautions.
- Proper network segmentation and protection practices
This is a lesson in network protection and segmentation. Had Target employed proper network segmentation practices and followed up to ensure that those practices were followed for all its partners, attackers wouldn’t have been able to leverage the third-party access to gain a foothold in Target’s network. In addition, Target failed to properly isolate its most sensitive network assets. As a result, the attackers were able to move from less sensitive areas of Target’s network to systems storing confidential consumer data. In the unfortunate event that a breach has occurred, it is crucial to contain and isolate it and to prevent attackers from accessing other parts of the system. There need to be walls and layers of protection between systems.
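An added example (not from the original article): a small audit that treats firewall allow rules as a graph and reports any chain of permitted flows leading from a third-party zone to a zone that stores cardholder data. The zone names, ports and rules are constructed for illustration and do not describe Target’s actual network.

```python
from collections import deque

# Constructed sample policy: (source zone, destination zone, port) allow rules.
# All zone names are hypothetical.
ALLOW_RULES = [
    ("vendor_portal", "corp_servers", 443),
    ("corp_servers", "file_shares", 445),
    ("file_shares", "pos_cardholder", 445),
    ("corp_workstations", "corp_servers", 443),
    ("pos_cardholder", "payment_processor", 443),
]
UNTRUSTED_ZONES = {"vendor_portal"}    # zones reachable by third parties
SENSITIVE_ZONES = {"pos_cardholder"}   # zones holding consumer card data


def find_path(rules, start, targets):
    """Breadth-first search over allow rules.

    Returns the shortest chain of rules from `start` to any zone in
    `targets`, or None when segmentation holds.
    """
    graph = {}
    for rule in rules:
        graph.setdefault(rule[0], []).append(rule)
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        zone, hops = queue.popleft()
        if zone in targets and hops:
            return hops
        for rule in graph.get(zone, []):
            if rule[1] not in seen:
                seen.add(rule[1])
                queue.append((rule[1], hops + [rule]))
    return None


def audit(rules, untrusted=UNTRUSTED_ZONES, sensitive=SENSITIVE_ZONES):
    """Map each untrusted zone to the rule chain that lets it reach sensitive data."""
    findings = {}
    for zone in sorted(untrusted):
        hops = find_path(rules, zone, sensitive)
        if hops:
            findings[zone] = hops
    return findings


if __name__ == "__main__":
    for zone, hops in audit(ALLOW_RULES).items():
        print(zone, "->", " -> ".join(f"{dst}:{port}" for _, dst, port in hops))
```

No single rule here connects the vendor zone to the cardholder zone; the exposure only appears when the rules are followed transitively, which is why the check walks the whole graph rather than inspecting rules one at a time.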
- Activity monitoring and incompetence of security team
Target was actually prepared in terms of cyber security. In fact, in May 2013, $1.6 million malware detection software from the high-profile computer security firm FireEye (whose customers include the CIA and the Pentagon) was installed. A FireEye team monitored Target’s system around the clock and reported the activity to Target’s security team. However, FireEye’s feature for eradicating malware was turned off because Target’s security personnel did not trust it.
- Impaired firm reputation
Target was hit with over 90 lawsuits related to the massive data breach. The brand plummeted from #7 to #21, out of the top 10, in the ranking of the “best-perceived brand among consumers”. Target’s CSR score – a measure of the enterprise dimensions of reputation that include ‘workplace,’ ‘governance,’ and ‘citizenship’ – fell dramatically as well, the largest drop of any US retail company in the same time frame.
- Stock value slides
The stock experienced a 10% drop in price in the aftermath of the security breach.
- Dismissal of staff and internal instability
In January 2014, two months after the breach, Target laid off 475 employees at its headquarters in Minneapolis and worldwide and left another 700 positions unfilled.