Do you remember the Target data breach of 2013? Right around Christmas time the company discovered a security breach. The company warned many of their Black Friday shoppers and other customers during that time that it was recommended they replace all of the credit cards that had been used at any Target location. The data breach affected roughly 40 million customers and cost the company millions of dollars.
You may have been affected by this breach personally, or heard about it in the news. However, do you know how the data breach came about? The breach was actually not a result of weak cyber security on Target’s part. The initial intrusion in the Target system was traced back to network credentials that were stolen from a third party vendor.
The vendor in question was a refrigeration, heating, and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Hackers were able to break into the third party vendor’s system and gain access to Target’s network.
How the Target Hack Happened
Sources said that between Nov. 15 and Nov. 28 (Thanksgiving and the day before Black Friday), the attackers succeeded in uploading card-stealing malicious software to a small number of cash registers within Target stores.
By the end of the month the intruders had pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions. Target has said that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.
Vulnerable Spots for a Data Breach
You may have a strong data security plan in place, but do the businesses that you work with use the same precautions? A data breach for smaller companies may not end up costing millions of dollars, but with the average cost of a data breach at $0.58 a record, a data breach could still have a lasting impact on your business.
Organizations today face the pressure of defending against a variety of attacks. These threats emphasize the importance of complying with basic security standards and pursuing more sophisticated solutions if the resources are available.
Here is a list of the 5 most common attack patterns of 2014 for businesses:
Point-of-sale (28.5% of Incidents)
- A Point-of-Sale system is usually referring to the cash register, or wherever a purchase or transaction takes place. The information customers hand over, if captured, can be used by cybercriminals to commit credit card fraud and identity theft.
Crimeware (18.8% of Incidents)
- Crimeware is a type of malicious software designed to carry out or facilitate illegal online activity. Check out this article for more information on how to protect yourself from crimeware.
Cyber Espionage (18% of Incidents)
- The use of computer networks to gain illicit access to confidential information, typically that is held by a government or other organization. To find out about the other types of corporate espionage check out this article: The Best Corporate Espionage Stories.
Privilege Misuse (10.6% of Incidents)
- The typical organization loses 5% of its revenues to fraud by its own employees each year, with most thefts committed by trusted employees in executive positions, operations, accounting, sales, customer service or purchasing, according to the Association of Certified Fraud Examiners (ACFE).
Web Applications (9.4% of Incidents)
- Application development is moving more and more onto the Web. The application layer is the hardest to defend. The vulnerabilities encountered here often rely on complex user input scenarios that are hard to define with an intrusion detection signature. This layer is also the most accessible and the most exposed to the outside world.
This infographic from Tripwire shows the most likely source of an attack on a company by industry:
Data Security and Management
Protecting your confidential information should be a high priority for any business owner. One of the easiest ways to protect information is by establishing a document management plan from creation to destruction.
There are multiple ways to handle your documents, from offsite storage to cloud services and record scanning. No matter what the document management option you choose, you should make sure you are using the most secure methods to handle your records.
Get Free, No-Hassle Document Management Quotes Today!
Record Nations can help you eliminate some of the hassle of making sure you have a secure document management program with the highest level of security.
Fill out the form to the right, or give us a call at (866) 385-3706. Within minutes of receiving your request, you will have free quotes from experts in your area that can help you.