In the last months of 2013, Target – the well-known American retailer – experienced a major security breach. The breach exposed several of the company's point-of-sale systems to malicious code, giving cybercriminals access to millions of customers' personal and financial data. The incident became one of the most notorious data breaches of the decade and affected customers across the country.
Target faced many consequences in the aftermath of the breach, including a series of recovery costs, hundreds of lawsuits, declining customer trust, lost profits, and widespread criticism of the company's initial response. In retrospect, organizations can learn many lessons by analyzing the details of this breach, its impact, and Target's mistakes along the way. Here's what your organization needs to know.
Details of the Target Data Breach
In September 2013, cybercriminals used a phishing e-mail to deceive an employee of Fazio Mechanical – a plumbing contractor and one of Target's third-party providers – into handing over their credentials. From there, the cybercriminals used these stolen credentials to infiltrate Target's network and install malware on a number of point-of-sale devices on November 15. Although Target had various cybersecurity measures in place to avoid such an incident, Fazio Mechanical's lack of malware detection software and the failure of both companies to properly segment their networks enabled the cybercriminals to carry out their plan.
The cybercriminals officially launched the malware and began collecting customer data from Target's point-of-sale systems on November 27. Three days later, FireEye – a company from which Target had purchased security software earlier that year – discovered the malware and reported the problem to Target's headquarters. Although it received this report, Target took no action to stop the malware. After Target's insufficient response, the cybercriminals were able to install exfiltration programs on the point-of-sale systems to move customer data out of the company's network. In the following days, the cybercriminals began to move data. This activity triggered another report from FireEye on December 2. However, Target still did not respond to the malware.
On December 12, the US Department of Justice identified the malware and notified Target of the breach. At that point, Target began investigating the incident and received help from both the Secret Service and the FBI. By December 15, most of the malware had been removed. On December 18, a cybersecurity blogger became aware of the intrusion and shared the information about the incident publicly. A day later, Target released an official statement on the issue, describing what happened and confirming that the company was working with the right authorities to resolve the incident. Nevertheless, serious damage had already been done. In total, the cybercriminals compromised approximately 40 million customers' credit and debit card information as well as 70 million customers' personal information (e.g. names, addresses and telephone numbers).
The Impact of the Target Data Breach
In addition to compromised customer data, Target encountered a number of consequences after the intrusion.
Target had to take several steps to recover from the intrusion and minimize the risk of future security incidents. The recovery efforts included getting help from a third-party forensic company to investigate the breach, offering customers a year of free credit monitoring, setting up a call center for breach-related problems, equipping stores with chip-and-PIN-enabled point-of-sale terminals, segmenting various corporate networks and implementing stricter access controls. The total cost of these efforts amounted to more than $250 million.
In addition to recovery costs, Target also faced significant legal costs from the breach. In particular, the company was involved in over 140 lawsuits across the country regarding the incident. In 2017 – four years after the intrusion occurred – the case finally reached an $18.5 million settlement spanning 47 states. As part of the settlement, the company was required to consult a third party to help encrypt and further protect customer data, and to hire a manager responsible for leading a cybersecurity program in the workplace – thereby increasing costs.
Finally, Target experienced a number of reputational problems due to the breach – namely reduced customer trust and distrust of leadership. The timing of the incident was particularly damaging, as it took place during the holiday shopping season and negatively affected year-end sales.
In fact, Target's profits fell by a staggering 46% in the last quarter of 2013. In January 2014, a third (33%) of U.S. households reported shopping at Target – a 10% decrease from the previous year. The company's prolonged response to the breach was also heavily criticized, prompting stakeholders to hold leaders accountable for the delays and demand change. As a result, both Target's longtime CEO and Chief Information Officer resigned in 2014, paving the way for significant leadership transitions.
Lessons from the Target Data Breach
There are several cybersecurity takeaways from the Target data breach. In particular, the incident emphasized these important lessons:
Investments in cybersecurity measures are worth it.
This large-scale intrusion could have been minimized or possibly avoided altogether if Target had had additional security measures in place, e.g. network segmentation and more sophisticated data encryption techniques. As such, this incident highlighted the value of investing in adequate cybersecurity procedures. The cost of implementing these measures is well worth the benefit of preventing even more expensive incidents further down the road.
An effective incident response plan is critical.
One of Target's biggest failures during the intrusion was the company's initial response. Although Target received several reports from FireEye about the malware, the company failed to act until the federal government got involved. By responding just a few days earlier, Target could have stopped the cybercriminals before they could move customer data out of the network, which would have significantly limited the effects of the breach. In addition, the company took extra time to inform the public about the incident, which upset many customers. Such concerns emphasize the importance of taking reports seriously, acting quickly and having an effective incident response plan. This type of plan can help an organization establish rapid response protocols for remaining operational and mitigating losses from a cyber incident. In general, an effective cyber incident response plan should describe:
• Who is part of the cyber incident response team (e.g. board members, department heads, IT professionals, legal experts and HR specialists)
• What roles and responsibilities each member of the cyber incident response team must maintain during an attack
• What the organization's key functions are and how these operations will continue during an attack
• How critical workplace decisions will be made during an attack
• When and how stakeholders should be informed of an attack (e.g. employees, customers, shareholders and suppliers)
• What federal, state and local regulations the organization must follow when responding to an attack (e.g. incident reporting protocols)
• When and how the organization should seek help from additional parties to help recover from an attack (e.g. law enforcement and insurance professionals)
Third-party exposures must be considered.
This breach also demonstrated the importance of promoting third-party security. After all, Fazio Mechanical's cyber vulnerabilities are what ultimately led to the intrusion. To prevent these exposures, it is important to work with vendors, suppliers and other third parties to ensure that they maintain effective cybersecurity practices. This cooperation may include incorporating cyber risk management into supplier contracts, restricting third-party access to sensitive data and monitoring suppliers' compliance with applicable regulations – for example, the Payment Card Industry Data Security Standard.
Proper coverage can make all the difference.
Finally, this intrusion made it clear that no organization – not even a successful, national retailer like Target – is immune to a data breach. What's worse, cyber incidents have only increased in cost and frequency since this incident occurred. This is why it is crucial to ensure adequate protection against cyber-related losses by securing proper coverage. Make sure your organization works with a reliable insurance professional when navigating these coverage decisions.
We can help you.
In the unfortunate event that your company falls victim to a cyber attack of any kind, we can help you recover.
Cyber and data breach insurance evolves daily as new threats emerge and new insurance companies enter the market.
Regardless of the type of business, one thing is for sure: if you are a company in operation today, you face cyber risks. That means you need to carefully understand your risk of loss, how you would react if a loss occurred, and whether covering cyber and data breach liability makes sense for you.
The coverage level your company needs is based on your individual business and may vary depending on your range of exposures. It is important to work with an insurance advisor who can identify your risk areas and adapt a policy that suits your unique situation.
If you want additional information and resources, we will help you analyze your needs and choose the right coverage to protect your business from unnecessary risks. You can download a free copy of our e-book or, if you are ready to make Cyber Liability Insurance part of your insurance portfolio, request a proposal and we will work for you.