
Assignment

Case Study 5 – Cyber Breach at Target


By: Sanjana Jaiswal

Question 1. What’s your diagnosis of the breach at Target – was Target
particularly vulnerable or simply unlucky?
Answer: The attack was initiated by a phishing email campaign against Target's
vendor, Fazio Mechanical Service. Information about Target's vendors was publicly
available online. Fazio was using the free version of a security product called
Malwarebytes Anti-Malware, and as a result the attackers easily hacked its system.
Also, Target did not monitor Fazio's security arrangements; hence, using Fazio's
credentials, the hackers gained access to Target's network for electronic billing,
project management, and contract submission.
Target could have required two-factor authentication, which was the PCI standard for
remote access by third parties.
Also, there was a common route between the network for outside contractors (like
Fazio) and the network for payment data, which was the main route by which the
hackers gained access to sensitive customer payment and personal data.
Target was particularly vulnerable, as it ignored most of the security warnings given by
many firms. Also, Target did not monitor its vendors' security arrangements.

Question 2. What, if anything, might Target have done better to avoid being
breached? What technical or organizational constraints might have prevented
them from taking such actions?
Answer: FireEye, Inc., a firm that provided a malware detection tool to Target
and was also a security specialist in Bangalore, initially raised an alert of an attack
right after the Black Friday shopping season, in November.
The FireEye team continued sending electronic alerts to Target's in-house
security team in Minnesota, which reported malware intrusions that had not been
activated yet.
On December 2, when the malware started sending customer data out to the
hackers, the FireEye team in India alerted the Target security team but got no
response.

This study source was downloaded by 100000869071362 from CourseHero.com on 11-13-2023 21:00:19 GMT -06:00

https://www.coursehero.com/file/100828963/Case-Study-5-Cyber-Breach-at-Targetdocx/
The breach could have been stopped earlier without any human intervention,
because the system had an option to automatically delete malware as soon as
it was detected. But Target's security team had turned off that function.
If the Target security team had taken FireEye's warnings seriously, they could have
avoided being breached. Also, Target missed the functional opportunities that were
built into the system.

Question 3: What’s your assessment of Target’s post-breach response? What did
Target do well? What did they do poorly?
Answer: Target executives met with the Department of Justice and the US Secret
Service, and on December 14, Target hired a third-party forensics team to
investigate the breach.
Target began removing the malware from its system, and the attackers started losing
access to the Target network. On December 19, Target alerted authorities and
financial institutions immediately after it became aware of the attack.
Target offered free credit and theft monitoring for affected customers for a year and
reassured customers that they would not be legally responsible for any fraudulent
charges resulting from the breach.

Question 4: To what extent is Target’s board of directors accountable for the
breach and its consequences? As a member of the Target board, what would you
do in the wake of the breach? What changes would you advocate?
Answer: The attack and Target's response exposed the company to intense criticism
and raised a question about the accountability of Target's board of directors and
the auditing committee and corporate responsibility committee that were
responsible for both the operational and reputational risk.
Senator Richard Blumenthal, a committee member, stated, "In future, at some
point, the CEO and the board of directors have to take responsibility." Shareholders
of Target filed derivative lawsuits against all directors on the firm’s board of
directors and against the CFO and CIO. By virtue of their fiduciary duties, the
directors were required to create and maintain a system to protect customers’
personal and financial information, as well as to inquire into and correct unsound
practices.

The lawsuits stated that the directors breached their fiduciary duty by failing to
implement controls to protect consumer data.
Shareholders claimed that the directors' negligence caused a waste of corporate
assets, as the firm lost revenue, had to offer a 10% discount to draw customers
back to the store, and faced upcoming litigation expenses.

Question 5: What lessons can you draw from this case for prevention and
response to cyber breaches?
Answer: It is better to stop something bad from happening than it is to deal with it
after it has happened.
Lessons I draw for prevention and response to cyber breaches:
- Target could have monitored its vendor's services.
- Target could have checked the security warnings from its anti-intrusion partner.
- Target could have stopped the breach if it had used the malware detection
system properly. There were multiple warnings from the company's anti-intrusion
software, which Target ignored.

Question 1: Identify the most important facts surrounding the case.


Answer:
- Target was continuously ignoring the security warnings from its security
provider team.
- Target's network for outside contractors (like Fazio) was not segregated from
the network for payment data.
- Target did not monitor Fazio's security arrangements; hence, using Fazio's
credentials, hackers gained access to Target's network.
- The system had an option to automatically delete malware as soon as it was
detected, but Target's security team had turned off that function.

Question 2: Identify the key issue or issues.


Answer:
- Target should have required vendors to closely monitor the integrity of
their critical system files.
- Target could have created stronger firewalls between its internal systems and
external systems.
- According to the Payment Card Industry Data Security Standard (PCI-DSS),
Target needed two-step authentication for remote access to the payment
network, but Target failed to do that. If the data is properly encrypted in transit and at
rest, it shouldn't be of any use to attackers.

Question 3: Specify alternative courses of action.


Answer: In order to prevent the breach, Target should have taken the
following steps:
- Target should have trained its employees in security principles.
- Target should have protected customer information, computers and networks
from cyber attacks.
- Target should have provided firewall security for its Internet connection.

Question 4: Evaluate each course of action.


Answer: To deal with the situation, Target offered free credit and theft monitoring
for affected customers for a year and reassured customers that they would not be
legally responsible for any fraudulent charges resulting from the breach.

Question 5: Recommend the best course of action.


Answer: The actions to be taken by Target after the breach:
- Target hired a third-party forensics team to investigate the breach.
- Target began removing the malware from its system, and the attackers started
losing access to the Target network.
- Target communicated with its users.
