Critical Lessons Learned from Last Year’s Target Data Breach

In March, the United States Senate Committee on Commerce, Science, and Transportation issued an analysis of last year’s massive data breach at Target, which affected upwards of 100 million customers, cut the company’s Q4 2013 profits by 50 percent, and resulted in the ouster of both its CIO and CEO.

The main finding of the analysis shocked some technology insiders, though: the breach traced back to the network access Target had granted, for electronic billing, contract submission, and project management, to a third-party vendor. That vendor was Fazio Mechanical Services, a medium-sized HVAC company based in Pennsylvania that, like many companies, suffered last year from an email-based malware attack.

This allowed cyber-attackers to access Target’s internal network; install malware on a majority of the company’s in-store point-of-sale (POS) systems; collect unencrypted credit and debit card information before it was transferred to a payment processing provider; compromise other servers and firewalls so the stolen data could be moved through them and dumped on external FTP sites; and then sell the critical data via online black market forums called “card shops.”

Of course, the HVAC company in question wasn’t entirely to blame. Target failed to respond to numerous automated warnings from its FireEye anti-intrusion software — and didn’t allow it to automatically delete the malware as the software is designed to do.

How does this affect your business and its IT environment? In two ways:

1) Recognize the threat of malware. If Fazio Mechanical Services hadn’t fallen prey to an email-based malware attack, the Target data breach might never have occurred. According to a threat report by security firm Check Point, in 2013, a new and unknown malware attack originated every 27 minutes. The leading email attachment file format used to infect computers was PDF, which accounted for 35 percent of all infected file types. The bottom line? Do NOT click on any email attachment or embedded link unless you trust the sender or source and are expecting said attachment.

2) Give your systems the proactive security blanket they deserve. Here’s a direct quote from a 2011 Lockheed Martin Computer Incident Response Team white paper cited by the US Senate analysis of Target’s data breach: “Instead of installing static defense tools and waiting for the next attack, network defenders should continuously monitor their systems for evidence that attackers are trying to gain access to their systems.”

Luckily, implementing this kind of prevention lies directly within your control. At CMIT Solutions, we specialize in proactive system monitoring and management, security best practices, top-flight data encryption, backup and disaster recovery, business continuity, email archiving, and a host of other services crucial to surviving (and thriving) in today’s complicated IT world.

Want to avoid email-based malware, protect your data from system intrusion, and NOT be responsible for a large corporate client’s widely publicized breach? Contact CMIT Solutions today so we can keep your business up and running, productive, and as secure as possible.

To contact Rick Megni, CMIT Solutions of Northern Chester County, please call 484.944.0019; email rmegni@cmitsolutions.com; and visit www.cmitsolutions.com/nochestercty.

 
