Target missed the signs in a big way
In the weeks leading up to Target’s massive payment information breach, the company had invested a tremendous amount in anti-malware software to protect their information systems, initiated the program, and then admittedly ignored the warnings generated by the new system, according to Businessweek.
It appears that Target could have put a stop to the breach that made over 40 million shoppers’ credit card information vulnerable.
Six months prior to the attack, Target installed a new security system made by a FireEye, a company that provides security software not only to the Pentagon, but to the CIA. Yeah, that good. So what on earth happened at Target that the system would generate warnings and they would be ignored?
Businessweek reports that Target had a team of analysts in Bangalore, India, who watched the network during the hours that corporate headquarters was closed in Minneapolis. The analysts in India noticed when the hackers’ program for extracting the data to staging points in the U.S. was being installed and uploaded, the malware was flagged.
So how did this slip by?
Sources say the Indian analysts notified Minneapolis, but there was no action taken after the issue was reported.
The FireEye system worked as designed, sending a malware alert when the hackers uploaded different version of the program. What is curious is that the system can automatically delete data that it flags as a threat, but Target had things set up so a human had to make the final decision manually.
Which makes sense.
But no human dealt with the problem, despite being flagged. Some believe that because the program was new, the program was not trusted by tech executives yet, so warnings were ignored.
It appears that the warning signs were there, but this doesn’t explain how companies like Neiman Marcus, Michael’s, and others have simultaneously experienced serious breaches – did they have systems in place, or not? Did they also ignore signs, or not?
This isn’t the last we’ve heard of this situation at Target and other big box retailers.