
December 04, 2015

Target's 2013 Data Breach: A Scar That Won't Fade Any Time Soon

Forget the ghosts of Christmas past, present and future from Charles Dickens’ “A Christmas Carol”; the holiday ghouls that business owners and IT administrators alike should be paying close attention to this year for reasons related to cybersecurity could very well be their own employees.

The concept that employees could be the weak link in corporate security rocketed into the national consciousness in 2013, when Target suffered one of the worst data breaches in history after hackers gained access to an employee’s credentials. Now, two years later, the massive incident, which exposed the phone numbers, names, mail addresses, email addresses and payment card data of about 70 million customers, still haunts corporate America.

How did the breach occur? Reports about the breach may have led you to believe the Target security vulnerability was its point-of-sale (PoS) system. The truth, however, is that this was merely the site from which the hackers obtained the sensitive information.

The real portal to the criminal break-in originated with an employee associated with Target.

As explained in a recent ZDNet article, the breach actually stemmed from a successful phishing attempt by the password-stealing bot Citadel, aimed at an employee of one of Target’s third-party vendors, Fazio Mechanical. Citadel gained the Fazio employee’s authentication credentials, hacked into Target’s network and commandeered its servers. This is what opened the door for an easy series of attacks against the company’s in-store PoS system.

As you can see, Target’s vendor was responsible for the data breach, yet Target will forever have to bear the infamy of the incident.

This case is a stark reminder that data breaches can easily result from user errors, such as when employees click on harmful links, open virus-laden email attachments or respond to a phishing email with personal information. Therefore, end users must receive proper training to avoid putting an entire organization at risk.

With this in mind, remember that cyberattackers will be out in full force this holiday season. So consider this a warning from the Ghost of Christmas Present to train your employees how to stay safe online.



 






