Ricoh blog: 3 lessons learned from the Target data breach

The breach of Target’s point-of-sale (POS) systems earlier this year, and the theft of millions of customers’ credit cards, was unfortunate, to say the least. A good rundown of what happened to them can be found here in the New York Times. But the attack holds some important lessons for beefing up your own security posture. Here are a few important takeaways.

1. Segment your network properly.

One of the main entry points into Target’s POS network was a heating contractor whose account had far more access rights than it needed. Why does such a contractor need access to your entire network just to turn up the heat? Brian Krebs writes, “it is common for large retail operations to have a team that routinely monitors energy consumption and temperatures in stores to save on costs (particularly at night) and to alert store managers if temperatures in the stores fluctuate outside of an acceptable range that could prevent customers from shopping at the store.” Even so, the bad guys were able to steal the contractor’s network credentials and, as a result, get into many stores’ networks.
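One way to check whether a vendor account really is confined to the segment it needs is to audit firewall flow records against an explicit allow-list. The Python below is an added example, not code from the original post or from Ricoh or Target: the segment CIDRs, the allow-list and the flow log lines are all constructed for illustration. It flags flows the firewall accepted even though least-privilege policy says a contractor on the vendor VPN should only ever reach the HVAC controllers.

```python
import ipaddress

# Constructed example segments; these CIDRs are assumptions, not any real retailer's addressing.
SEGMENTS = {
    "vendor_vpn": ipaddress.ip_network("10.200.0.0/24"),  # where contractors land after VPN login
    "hvac":       ipaddress.ip_network("10.10.0.0/24"),   # building-management controllers
    "pos":        ipaddress.ip_network("10.20.0.0/24"),   # point-of-sale terminals and servers
    "corp":       ipaddress.ip_network("10.30.0.0/16"),   # internal IT
}

# Least-privilege allow-list of (source segment, destination segment, destination port).
# Anything not listed is implicitly denied.
ALLOWED_FLOWS = {
    ("vendor_vpn", "hvac", 443),   # the heating contractor only needs the HVAC web console
    ("corp", "hvac", 443),
    ("corp", "pos", 8443),
}


def segment_of(ip):
    """Return the name of the segment containing ip, or None if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, dst_port):
    """Policy decision: True only for flows explicitly on the allow-list."""
    return (segment_of(src_ip), segment_of(dst_ip), int(dst_port)) in ALLOWED_FLOWS


def find_violations(flow_log):
    """Scan firewall flow records ('timestamp src dst port action', one per line) and
    return those the firewall ACCEPTED even though the segmentation policy should have
    denied them. Each such record is a path from a low-trust segment that the
    segmentation was supposed to close off."""
    violations = []
    for line in flow_log.strip().splitlines():
        ts, src, dst, port, action = line.split()
        if action == "accepted" and not is_allowed(src, dst, port):
            violations.append((ts, segment_of(src), src, segment_of(dst), dst, int(port)))
    return violations


# Constructed sample log: a contractor host reaching HVAC (fine), the same host reaching a
# POS server over SMB (accepted, but a policy violation), a denied attempt (already blocked,
# so not a violation), and a corp host managing POS (fine).
SAMPLE_FLOW_LOG = """
2024-01-10T02:14:05Z 10.200.0.17 10.10.0.5 443 accepted
2024-01-10T02:15:41Z 10.200.0.17 10.20.0.9 445 accepted
2024-01-10T02:16:02Z 10.200.0.17 10.30.4.20 3389 denied
2024-01-10T02:17:30Z 10.30.1.8 10.20.0.9 8443 accepted
"""

if __name__ == "__main__":
    for v in find_violations(SAMPLE_FLOW_LOG):
        print("segmentation violation:", v)
```

Run on real exports, the "accepted but not allowed" list is exactly the set of firewall rules to tighten; the denied line shows that a blocked attempt is evidence the segmentation is working, not a finding.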

2. Take a closer look at two-factor authentication.

Another issue was that the heating contractor wasn’t using two-factor authentication on their network credentials. There was simply no excuse for this, and nowadays you can add a second factor to your logins at Facebook, Twitter, Google Docs, LinkedIn and many other software sites. The US CERT has put together a list of recommendations specifically for protecting POS systems, but the first step is strengthening passwords. I have reviewed many of the two-factor tools that enterprises can use here for Network World; they are relatively straightforward to implement. And while they can’t protect you against every attacker (as one notable example, in the Netflix series House of Cards the two-factor protection is defeated by one of the story’s characters in season 2), it is still better than not having it at all.

3. Change your default admin accounts.

One part of the attack made use of an account whose username was the default one installed with an IT management software suite from BMC called Performance Assurance for Microsoft Servers. Brian Krebs again has more information about how this all happened. This, too, is a common attack pattern, and there is no excuse for laziness: change those default passwords, especially on accounts that have administrative or supervisory access to multiple or sensitive systems.

Obviously, these are just the tip of the iceberg, but all three lessons are important ones to remember for strengthening your own network security so you don’t become another Target. There is no point in having a strong perimeter defense if outsiders can easily become insiders and roam freely around your network.
