Wednesday, April 9, 2014

The Target issue at Target



There has been much speculation that the famous Target case could have been easily contained and handled better. However, as most people know, it wasn't handled well at all; instead it blew up and made a big mess for Target. The question here is: what exactly caused this security breach at such a well-established company?

Let's first get some background information. According to most sources, the hack affected over 10 million customers who had an account with Target between November 27 and December 15, 2013. When a CNET reporter spoke to several of Target's former employees, it came to light that Target did in fact have a very sophisticated 1.6 million dollar malware detection system in place, designed by security firm FireEye. This system was set up specifically to find any intrusions (such as hacks and cyber attacks) that might try to exploit the network, before any real damage could be done to the heart of the system. The security system is actually a very clever one. It uses parallel networks, so that to the hacker it's like seeing a doppelgänger without knowing which one is real. The security system creates a parallel network on virtual machines, which leads hackers to believe that they have accessed the real system. In this way the "fake" system exposes the problem before the hacker gets anywhere in the "real" system, since every single step the hacker takes is observed.

So we know that there actually was sound security in place. Does that mean the monitoring system was down, or that a notification wasn't sent early enough? According to some trusted sources, this was not the case. In fact, a team of security professionals in Bangalore was monitoring Target's entire network. When they found the intrusion, they immediately notified operators in Minneapolis that a problem had been detected. However, the problem seems to have arisen from the fact that the function to automatically delete malware upon detection was turned off, so a person needed to go in and manually remove the malware. The drawback to this is that sometimes decisions are not made quickly enough, and by then it may be too late.

In the end it almost seems like a twist of fate. No matter how one looks at it, too many circumstances led up to this. That one unsophisticated little piece of malware could trigger such a large storm is almost unimaginable unless a very specific set of things were to happen. Whatever the case may be, Target presently faces many potential class action lawsuits, as well as actions from banks demanding millions in reimbursement for losses from credit card replacement and fraud.

It remains to be seen what will happen to Target in the future, but other corporations would be wise to learn a thing or two from this incident. Corporations should be more aware of what kind of malicious code comes floating into their networks, and at the same time they should know that to act fast is to be safe.
