Can you believe that we’re coming up on the two-year anniversary of the massive 2013 Target data breach? It may not feel that way because we’re still seeing news articles pop up regarding the aftermath of the incident, but it’s true. Comparing Target’s stock price before the breach ($62) and two years after it ($82), it might be tempting to think that the company is breezing through the effects of the one of the most publicized corporate cybersecurity disasters of the decade. However, it’s been a long road to recovery for Target and it’s not over yet. What can we learn from two years of Target’s data breach recovery?
We Finally Have a Clear Picture of the Data Breach Circumstances
The Target data breach has gained notoriety mostly because of the complete PR disaster it created for Target right around the holiday season. Famous security blogger Brian Krebs broke the breach news back in December 2013, revealing that Target had been hiding news from vulnerable customers. The breach was shrouded in mystery for some time before Target got its PR affairs in order and there has still been some confusion even two years later.
The results of a confidential investigation by Verizon into Target’s cyber security situation days after the breach were recently revealed, uncovering many of the data breach mysteries. In hindsight, here’s what happened when Target was attacked:
- Fazio Mechanical, an HVAC company that did work on certain Target locations, was compromised by a phishing attack, enabling attackers to steal VPN credentials for Target (which the company had access to as a third party).
- Attackers were then able to compromise several systems throughout the Target network because of weak/default passwords and poor patch management.
- These weak security defenses resulted in 1,800 PoS registers being remotely hijacked, allowing attackers to siphon credit card data as customers made purchases between November 27 and December 15 of 2013.
What Can You Learn from Target’s Mistakes?
After two years, Target has finally settled its lawsuit with Visa and is working on settling with MasterCard—they are moving on and have become somewhat of a leader in cyber security. Target has bounced back from a brutal data breach that was only partially covered by cyber insurance and there are multiple things to learn from their recovery:
- Hiding the data breach from customers was a PR nightmare. Target turned it around by being open and honest, supporting breached customers throughout recovery.
- Target has $10 million in escrow to settle class action lawsuits and paid approximately $200 million in crisis management after insurance coverage. Crisis management is expensive, but it’s all about the long game—patience is key in the aftermath of a data breach.
- Verizon penetration testers found that once they gained access to Target’s network, it was easy to maneuver to any endpoint in any location and steal sensitive information. Not only were security measures weak, but detection was almost non-existent. Companies of all sizes should make an example of Target and be more prepared for attacks.
Preparation is Key—And It All Starts with Visibility
Target has spent a fortune updating their PoS registers and bolstering their cyber defenses—even going so far as to create a top-of-the-line cyber fusion center. If there’s one thing to learn from the Target breach, it’s that preparation is key. Preparation requires you to provide your security appliances with 100% network visibility, knowing your baseline traffic and being able to continuously spot deviations from the norm.
The only way to ensure 100% network visibility is to implement network TAPs when connecting security appliances. Learn from Target’s 2013 mistakes—invest in the right security appliances and enable them to see the traffic necessary to protect your network.