Outline the security breach at Target.
The attacker first gained entry into the system through a third-party vendor, Fazio Mechanical Suppliers, which had been given credentials to conduct digital transactions such as electronic billing (Plachkinova & Maurer, 2018). When the company experienced a cyber-attack, malware, probably Citadel, was installed on its system through email phishing and stole client details from its portal. Target’s hosted web service platform for third-party vendors provided a route for hackers to infiltrate Target’s system and steal customer credentials. Additionally, other vulnerabilities in Target’s systems, such as the use of weak passwords, facilitated the hijack.
Describe how Target became aware of the security breach.
However, since the hack involved stealing credit card information, it was likely to be discovered (Ferrell, 2017). Consequently, it was immediately detected by the security operations wing based in India and reported to the head office in Minneapolis, but no interventions were initiated. The hackers took advantage of this and created a new Domain admin terminal, which they used to manipulate customers’ activities as they took control of the passwords. Once sole control was obtained, the hackers managed to access customers’ PINs but, fortunately, could not access the credit cards since they were not stored in the database. The hackers, therefore, identified the Point of Sale systems as the next target. Using data gathered from the reconnaissance phase, the malware scanned the credit cards from compromised POS systems and saved the data. Using customized tools, the copied data was sent to various access points, from which the hackers retrieved it at will and used it for their malicious intent. Consequently, Target issued a statement that over 70 million of its clients had been affected by the breach.
The breach was first brought to Target’s attention in its early stages through India’s system security monitoring section. However, no action was taken, and even after the second alert, Target still chose to take no measures. It was not until the U.S. Department of Justice contacted the company about the possibility of a breach that official investigations were launched. At this point, a detailed security audit discovered the actual extent of the breach, indicating that close to 70 million clients’ information had been compromised.
Examine the security breach’s impact on Target’s customers.
Firstly, the customers’ trust in the company to protect their personal information is jeopardized, leading to a possible loss of customers (Janakiraman et al., 2018). Such an occurrence is likely to damage business operations, as the resulting fear will lead customers to seek more secure options. This is evidenced by the 1% decrease in the company’s revenue in the aftermath of the breach. Ultimately, this throws the business into a financial abyss that may take time to recover from.
Secondly, customer data obtained during a breach leaves customers vulnerable to extortion. This may be achieved by blackmailing the customers to pay the criminals to regain their personal information. Personal details such as emails and addresses may also be used in criminal activities such as identity theft. When not resolved amicably, this exposes the customers to possible harassment by law enforcers through mistaken identity when suspects are being established for criminal activities committed by the hackers. Another scenario may involve selling the stolen information on the dark market, violating the customers’ privacy completely.
Recommend security controls that could have been implemented to prevent the data breach from occurring.
Limited access to valuable data: Even after ensuring PCI compliance, the system may still be vulnerable to a breach, which may be used to access very valuable information to initiate a hack (Stallings, 2018). Therefore, it is prudent to limit access to information by several parties; for example, Fazio Company’s access to the details during billing could have been eliminated, creating a hurdle for the hackers.
Insisting on third-party vendor security compliance: The breach was initiated by a cyber-attack on a third party, Fazio Company. The investigations later established that it did not entirely comply with the security protocols. By conducting a stringent background check on the third-party vendor’s compliance, Target could have identified the lack of compliance and opted out of the contract, eliminating the highway for the data breach.
Developing and adhering to a cyber-breach response initiative: Target may have developed a suitable breach monitoring system, but its response to the alerts, which should have initiated relevant investigative procedures, was poor. Had Target acted on the initial alerts, the hack could have been thwarted in its early stages, thereby protecting clientele information.
Research how the data breach at Target affected Target’s and other companies’ security practices.
Fundamentally, the breach acted as an eye-opener that PCI compliance alone was not effective in avoiding cyber-attacks. Therefore, the security protocols were strengthened, as evidenced by several measures taken in the aftermath of the breach. First, Target invested in the conceptualization of the first Cyber Fusion Centre. This was aimed at raising security levels, thus preventing the occurrence of similar events. Secondly, chip readers were added on credit cards to complement the use of PIN to increase each card’s signature security. This makes counterfeiting and the use of stolen card information less likely. In conclusion, the breach acted as a wake-up call to Target and other companies.
Ferrell, O. C. (2017). Broadening marketing’s contribution to data privacy. Journal of the Academy of Marketing Science, 45(2), 160-163.
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement on customer behavior: Evidence from a multichannel retailer. Journal of Marketing, 82(2), 85-105.
Plachkinova, M., & Maurer, C. (2018). Security breach at target. Journal of Information Systems Education, 29(1), 11-20.
Stallings, W. (2018). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Addison-Wesley Professional.
Security Breach at Target
In this assignment, you will read the article, “Teaching Case: Security Breach at Target.” Then you will write a 3–4-page case analysis in which you:
- Outline the security breach at Target.
- Describe how Target became aware of the security breach.
- Examine the security breach’s impact on Target’s customers.
- Recommend security controls that could have been implemented to prevent the data breach from occurring.
- Research how the data breach at Target affected Target’s and other companies’ security practices.
- Go to Basic Search: Strayer University Online Library to locate and integrate into the assignment at least three quality, peer-reviewed academic resources, written within the past five years.
- Include your textbook as one of your resources.
- Wikipedia and similar websites do not qualify as quality resources.