Lessons Unlearned: The Target Breach Ten Years Later

DarkReading reports that one full decade after the data breach that hit giant retailer Target served as a wake-up call about the consequences of lax cybersecurity, vulnerabilities persist and the lessons of the event remain half-learned. 

Target’s costs associated with the breach included investigative costs, PR efforts, and legal settlements of more than 140 lawsuits including $10 million for a class-action, $67 million with Visa, and $19 million with Mastercard.

Immediately after the breach Target invested $100 million in secure payment technology, including chip-and-PIN cards, and gave customers free credit monitoring. Nevertheless, shopping traffic, sales and the company’s stock price all fell. It took years for them to rebound.

The immediate reaction across corporate America was reasonable. Companies began to treat cybersecurity as a serious issue. Chief information security officers focused on point-of-sale systems and endpoint security, installed advanced malware detection, and tightened access and third-party risk management.

But according to DarkReading, corporations still haven’t adopted the cultural transformation that embeds security into every business process, every employee practice, and every line of code in development.

The biggest problem? Lack of real-time, data-centric security measures. Companies are fixated on guarding perimeters instead of the data itself and ignore the fact that once intruders breach the outer defenses they can peruse sensitive information at their leisure.

The article advocates zero-trust security models that verify everything trying to connect to systems before granting access, and an organizational culture that prioritizes security as a daily practice, not a quarterly concern. Otherwise, it warns, the stage is being set for a breach that makes the Target breach look like a footnote in cybersecurity history.