In late 2013 Target was hit with a major credit card fraud malware attack when hackers gained access to their network through the corporation’s HVAC vendor Fazio, who had been given external access for business purposes.
What may have been a standard process for providing vendor access just a few years ago became a major security oversight for Target, costing them millions of dollars in damages and upgrades to their systems after the fact.
So why did it take Fazio so long to detect the email malware infection? Because their anti-malware solution was a low-grade, free version, a level of security far below Fazio and Target’s needs. In the end, it didn’t matter how good Target’s antimalware was; what mattered was how poor their vendors was.
Only relying on tools (whether free or paid-for) without an adequate review of their usage, efficacy or the role they’ll play in your security operations is just as illogical as trying to be your doctor. A few people are qualified to do self-diagnosis, lab testing, and prescription, but for most of us, it’s far cheaper, safer and more reliable to see a trusted doctor, get the proper tests done, rule out false negatives and get good prescriptions.
As of this year, Target has reported that the costs associated with the data breach are approaching $300 million, according to datasecuritylaw.com. What’s worse, less than one-third or about $90 million is expected to be covered by cyber insurance.
In the end, this ordeal will cost them more than $210 MILLION!
So what can be learned from Target and Fazio?
- Don’t give vendors unfettered access to your systems
- Segregate networks
- Isolate critical systems
- Review your cyber insurance
- Investigate tax advantages for mitigating the penalties
- Implement a proper crisis management team & response plan
- annually review your cyber security posture (tools, usage, plans)
- Implement two-factor authentication for critical systems and vendors
- Work with seasoned professionals…
Our clients enjoy success, security practices they can rely on and a competitive advantage in their industry because we know the cybersecurity industry better than most. Why not find out what we can do for you?
Ensure your business’ cybersecurity by partnering with Brainlink. Get in touch right away at (917) 685-7731 or firstname.lastname@example.org to get started.