Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Blogheader image.png

TAP Into Technology

Leading the Way in Network Technology

The Target Data Breach—What Two Years Can Teach Us

Posted by Chris Bihary | 11/24/15 6:00 AM

Can you believe that we’re coming up on the two-year anniversary of the massive 2013 Target data breach? It may not feel that way because we’re still seeing news articles pop up regarding the aftermath of the incident, but it’s true. Comparing Target’s stock price before the breach ($62) and two years after it ($82), it might be tempting to think that the company is breezing through the effects of the one of the most publicized corporate cybersecurity disasters of the decade. However, it’s been a long road to recovery for Target and it’s not over yet. What can we learn from two years of Target’s data breach recovery?

We Finally Have a Clear Picture of the Data Breach Circumstances

Target Data BreachThe Target data breach has gained notoriety mostly because of the complete PR disaster it created for Target right around the holiday season. Famous security blogger Brian Krebs broke the breach news back in December 2013, revealing that Target had been hiding news from vulnerable customers. The breach was shrouded in mystery for some time before Target got its PR affairs in order and there has still been some confusion even two years later.

The results of a confidential investigation by Verizon into Target’s cyber security situation days after the breach were recently revealed, uncovering many of the data breach mysteries. In hindsight, here’s what happened when Target was attacked:

  • Fazio Mechanical, an HVAC company that did work on certain Target locations, was compromised by a phishing attack, enabling attackers to steal VPN credentials for Target (which the company had access to as a third party).
  • Attackers were then able to compromise several systems throughout the Target network because of weak/default passwords and poor patch management.
  • These weak security defenses resulted in 1,800 PoS registers being remotely hijacked, allowing attackers to siphon credit card data as customers made purchases between November 27 and December 15 of 2013.

How to Guide: Optimizing Network Design in Security Projects

What Can You Learn from Target’s Mistakes?

After two years, Target has finally settled its lawsuit with Visa and is working on settling with MasterCard—they are moving on and have become somewhat of a leader in cyber security. Target has bounced back from a brutal data breach that was only partially covered by cyber insurance and there are multiple things to learn from their recovery:

  • Hiding the data breach from customers was a PR nightmare. Target turned it around by being open and honest, supporting breached customers throughout recovery.
  • Target has $10 million in escrow to settle class action lawsuits and paid approximately $200 million in crisis management after insurance coverage. Crisis management is expensive, but it’s all about the long game—patience is key in the aftermath of a data breach.
  • Verizon penetration testers found that once they gained access to Target’s network, it was easy to maneuver to any endpoint in any location and steal sensitive information. Not only were security measures weak, but detection was almost non-existent. Companies of all sizes should make an example of Target and be more prepared for attacks.

Preparation is Key—And It All Starts with Visibility

Target has spent a fortune updating their PoS registers and bolstering their cyber defenses—even going so far as to create a top-of-the-line cyber fusion center. If there’s one thing to learn from the Target breach, it’s that preparation is key. Preparation requires you to provide your security appliances with 100% network visibility, knowing your baseline traffic and being able to continuously spot deviations from the norm.

The only way to ensure 100% network visibility is to implement network TAPs when connecting security appliances. Learn from Target’s 2013 mistakes—invest in the right security appliances and enable them to see the traffic necessary to protect your network.

 

Topics: Hacks and Data Breaches

Written by Chris Bihary

Chris Bihary has been in the network performance industry for over 20 years. Bihary has established collaborative partnerships with technology companies to complement product performance through the integration of network test access points. Previously, Bihary was Managing Partner at Network Critical.