The "Autopsy of a Data Breach: The Target Case" case study looks into the sequence of events that led to the largest breach of confidential data in history, when cybercriminals stole 40 million debit and credit card numbers and other personal information of millions of customers.
Harvard Business Review (HEC130-HCB-ENG)
March 01, 2016
Case questions answered:
- Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.
- What lessons can be learned from Target and how can these lessons be leveraged by risk managers in other organizations?
- In your own words, explain the concept of Operational Risk as it relates specifically to technology.
- Define and explain the key attributes of the IMF’s measures to strengthen resilience to cyber risk.
- How would you apply the IMF framework relating to measures to strengthen resilience to cyber risk to the Target case?
Case answers for Autopsy of a Data Breach: The Target Case
Summarize the timeline and key chain of events in the data breach at Target and describe the links that completed the chain causing the explosion.
The data breach at Target stemmed partly from the retailer's failure to appropriately separate the systems handling sensitive payment card data from the rest of its network. Hackers broke into the retailer's network using login credentials taken from a heating, ventilation, and air conditioning organization working for Target in several places (Sidel & Dan, 2013).
The Fazio credentials gave the attackers the access they needed to operate on the Target network undetected and to upload malware programs to the company's POS systems. They managed to steal data for about 40 million credit and debit cards. The company allowed third-party access to its networks but failed to secure that access appropriately. Target gave Fazio access, but it should have segmented its networks to make sure that neither Fazio nor anyone else had access to the payment systems (Sidel & Dan, 2013).
What lessons can be learned from Target and how can these lessons be leveraged by risk managers in other organizations?
The Target data breach can be considered a watershed event that puts the spotlight on the security of security cards. Several lessons can be learned from the Target data breach, and managers in any organization should consider them seriously. To begin with, one of the lessons is that…