Home > Security > What happened to Target – Part 2
What happened to Target – Part 2
Loyalty comes from strong security.

What happened to Target – Part 2

In part one of this series I talked about what was arguably the biggest cybersecurity story of last year, the retail breach of Target. In the so-called “year of the breach,” the Target incident loomed larger than the rest not only because of its number of victims, but because it happened at the very beginning of the year. For most consumers, the Target breach was the first indication that hackers are more powerful and ambitious than ever before, taking on big business and walking away unscathed. The U.S. Secret Service reports Target was one of 1,000 retail breaches detected in the last year. Despite all of this gloomy news, one undisputable fact remains: None of these breaches ever had to happen.

How the situation could have been avoided

One of the keys to preventing these types of intrusion lies with a well architected network that isolates high-value POS systems from other lower value systems like HVAC and inventory management systems. Any network that handles sensitive data needs to incorporate strong principles of segmentation. Many retailers fail to embrace segmentation and criminals have repeatedly taken advantage of this key weakness.

Anatomy of a cybersecurity attack

After copying the credit card data, the hackers sent it to servers they controlled.

With strong network segmentation in place, hackers would have had a much harder time causing such a massive breach by simply stealing network credentials belonging to a third party HVAC contractor. Not only does network segmentation reduce retailer risk, but it’s also a requirement. If your network doesn’t have the proper segmentation outlined in the PCI Standards Council’s rulebook, it’s not compliant. Merchants out of compliance face fines and loss of credit card processing privileges – and those penalties are no walk in the park.

Let’s review the basics again: First, criminals breached a third-party HVAC company with ties to Target. Then, they used this third-party access to gain administrative privileges to Target’s network. Then they unleashed a sophisticated strain of POS malware that copied customer credit card data in the instant before it became encrypted. That stolen data then made its way into criminal hands.

Implementing solutions for your business

No business wants to become the next high profile breach victim. Target was able to weather the storm was due to its size. Most small to medium size enterprises would find it difficult to weather a breach.

Limit your risk by knowing what the hackers know: The first step to defending against cybercrime is to acknowledge that invincibility simply isn’t possible. If there’s one thing we’ve learned over the past 20 years, it’s that there’s no such thing as a 100 percent hack-proof business. One key move toward becoming as secure as possible is to understand your company’s security vulnerabilities. Hackers often conduct recon operations looking for the most vulnerable enterprises before they launch attacks. If you don’t have the resources on your IT staff to conduct a vulnerability assessment, consider partnering with a third party. Once you have a security baseline, you can make a plan to address vulnerabilities before hackers exploit them.. Then, make sure you’re PCI compliant, and if you’re not, pursue the solutions that will get you there.Fortunately, there are steps companies of all sizes can take to ensure that they don’t become the next victim of a hack. Here are some of them:

  • “With EarthLink Managed Security Services, your company can protect its IT environment in order to minimize risk.”

    Invest in Managed Security ServicesYour business’s IT department very likely can’t do all the work of securing the company alone. Fortunately, your business has a partner in EarthLink. With EarthLink Managed Security Services, your company can protect its IT environment in order to minimize risk. It’s best to look at every function your company carries out and assess whether or not it is secure. If your company integrates mobile devices into its business environment, then you’ll need a mobile device management solution too. Devising the best security service for your business is all about realizing your individualized needs. When it comes to security, there’s no one-size-fits-all solution. Fortunately, understanding your company’s individual needs is our specialty here at EarthLink. and we’re here to help.

  • Ensure network security: Security experts concur that if retailers had put more effort into securing their network and responding more quickly to security alarms, many breaches could have been avoided. But there’s no reason why you have to to be a victim too. So make an effort to keep your business connected safely. This starts by making sure the WiFi you offer in-store is not only convenient, but also safe for customers to use. It’s also very important to make sure that any information traveling over your network is secure. Fortunately, this is something EarthLink’s Multi-Protocol Label Switching (MPLS) solution is designed for.If you missed Part 1 of what happened to Target, and what the hackers did to steal the information from their terminals, you can get there here. 
Cybersecurity Solutions

EarthLink doesn’t just keep you compliant – it goes beyond that by offering professional services that make your enterprise’s network as safe as possible. From patching vulnerabilities to securing your company’s remote workforce, EarthLink has you covered.

About Peter Chronis

Pete is the EarthLink's information security and IT compliance leader. He has over 15-years of experience using technology to manage risk in the telecommunications, healthcare, retail, financial and IT services industries.