Target Data Breach Case Study

The Target data breach is a very good example of the risks of using single level/layer defense strategies for information security in an organization. In fact, it taught us and the organizations in the information security industry a very valuable lesson as to how important is it to employ strategies like Defense in Depth, Critical Controls etc., Below is a brief summary of steps that can be taken to avoid such attacks. I've included the chain of different events that led to the Target Data breach and the Countermeasures/controls that could be put in place to counter and/or avoid such events/attacks.

> A third party vendor which is an HVAC company based in Pennsylvania, was given access to Target's systems. The systems of this third party vendor became the first point of entry for attackers to gain access to
- If Target had used Honey Pots to trap and identify different attacks and acted upon it and/or - If Target had acted upon the alerts risen by the Intrusion Detection Systems it had in place.

Has Target employed above mentioned critical countermeasures and controls it could have avoided the data breach or at least kept the damage done by the attackers to a minimum. The most unfortunate thing was that Target had some countermeasures like Intrusion Detection Systems in place to avoid such attacks/incidents, however it failed to have set of standards and principles and an organized chain of structure that could act upon the alerts which could have prevented this data