A Comprehensive Analysis of the 2013 Target Cyber Breach and Defenses

Verified

Added on 2022/12/19

AI Summary

This report provides a detailed analysis of the 2013 Target data breach, exploring the timeline of events, the methods used by attackers, and the significant impact on customers and the organization. It examines the importance of robust cyber defenses, including the rising costs of breaches, the sophistication of modern hackers, and the availability of hacking tools. The report also discusses the increasing threat posed by IoT devices and the government's role in cybersecurity, including regulations like DFARS and NIST standards. The conclusion emphasizes the need for comprehensive cybersecurity measures for organizations of all sizes, highlighting the evolution of cyber threats and the necessity of proactive security strategies. The report references several academic sources to support its findings.

Running head: TARGET CYBER BREACH
TARGET CYBER BREACH
Name of Student
Name of University
Author’s Note

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1TARGET CYBER BREACH
Introduction
Data breach can be described as a specific security incident where data can be
accessed without any sort of authorization. Data breaches usually aim in harming various
businesses as well as consumers in numerous ways. Breaches are usually costly which has the
ability to damage reputations as well as lives and hence consume much time to repair. Data
breaches are very frequent these days (Manworren, Letwat & Daily, 2016). With the progress
of technology, more data moves to the digital world, this results in making cyber-attacks very
costly along with being common. Globally, the overall average cost for a company that has
been affected by data breach includes $3.86 million, as per a particular study carried out by
the Ponemon Institute (Shu, Tian & Ciambrone, 2017). This represents the fact that around
$148 on average for every record that is stolen, online crime is actual threat to anyone who
exists in internet.
Discussion
Organization that had a cyber-breach
Target’s data breach had taken place in the year of 2013, not every details regarding
attack had been made public but numerus researchers as well as experts had developed an
attack timeline that had exposed various critical junctures during the attack and hence
highlight numerous points where it could have been prevented (Cheng, Liu & Yao, 2017).
The attack had been started in the month of 27th November, 2013. The professional who was
in the post of target personnel had found out regarding the breach and hence informed the
U.S. Justice Department within the month of 13th December. The security blogger had posted
regarding the entire story (Janakiraman, Lim & Rishika, 2018). This particular attack had
targeted numerous debit as well as credit records of the customers. Various sources had
reported that the breach had appeared to have just started on as well as around Friday of

2TARGET CYBER BREACH
2013. The target personnel had informed regarding the fact that the customers who were
shopping at one of the stores of the organization during the attack had to compromise with
their card details. This had occurred with around 110 million of customers (Weiss & Miller,
2015). The attacker had been successful in backing their way in the corporate network of the
target with the help of compromising a particular third-party vendor. The overall number of
vendors that had been targeted was not exactly known however they took control over only
one (Greene & Stavins, 2017). A phishing emails was duped a certain Fazio employee, this
had allowed Citadel to be installed on the computers belonging to Fazio. The attackers had
waited till they got the perfect opportunity to attack, login credentials of Fazio Mechanical.
Importance of cyber defences
Cyber defences had been very important due to numerous reasons, these reasons are
as follows
The rise in the cost of breaches: this is important because cyberattacks had been very
expensive for any sort of business. Statistics that have been calculated with the help for
various researches, had reported that the average cost of a particular data breach at a huge
firm could be around 20, 000 Euros (Solove & Citron, 2017). Besides financial damage, the
cost incurred in the remediation process is huge as well. Along with inflicting untold
reputational changes.
Increasing the rate of sophisticated hackers: nowadays, every website has their own
website along with having exposed systems which can provide numerous attackers with
numerous entry points into the internal networks (Gray & Ladig, 2015). With the help of
attacks that are highly sophisticated, the commonplace business requires to assume the fact
that they would be breached at some time and hence implement various controls which can
help them against the attack.

3TARGET CYBER BREACH
Hugely available hacking tools: the tools that are required for the purpose of hacking a
certain website ae readily available. Due to this the skilled hackers tend to pose a huge
amount of threat towards the businesses. The huge availability of the hacking tools as well as
programmes on internet had also resulted in the growing threat as compared to the individuals
who are less skilled (Wang, Ali & Kelly, 2015). The commercialization of the cybercrimes
had resulted in making it easy for anyone to gain the resources that they would require for
launching the damaging attacks like a ransomware as well as crypto mining.
Proliferation of numerous devices of IoT: nowadays, there ae a huge range of smart devices
that are connected to the internet. They are called internet of things, these devices have
become very common in offices and homes (Cheng, Liu & Yao, 2017). On the surface, the
devices could simplify along with speed up numerous tasks. Besides this, it further offers
more level of accessibility as well as control. There results issues regarding the cyber
security. Introduction of IoT devices, had resulted in introducing a huge range of various
security weaknesses.
Applicable government requirements
There are numerous challenges that government face for the purpose of securing
public data. It tends to be a barrier for long as well as awaited transformation of digital
technology. Besides this, the stakes had been very high, which makes hacking the data
belonging to public sector in threatening the national security (Janakiraman, Lim & Rishika,
2018). Along with the trust of public. In the response to growing threats in cyber security,
government usually tend to implement various new regulations which require in undertaking
numerous measures for the purpose of protecting sensitive data that is stored in various non-
governmental systems as well as networks, these include information that is stored, the data
that is accessed, or send outside the state or country (Weiss & Miller, 2015). As per

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4TARGET CYBER BREACH
government requirements, the contractors working under the government and are responsible
for the purpose of handling sensitive data regarding federal government must comply along
with the requirements of cybersecurity that are found in Defence Federal Acquisition
Regulation Supplement, this tends to implement as well as incorporate National Institute of
Standards and Technology Special Publication 800-171.
Under the regulations of DFARS, various contractors should adhere around two basic
requirements
They should provide proper security for the purpose of safeguarding covered defence
data which tends to reside or transmit with the help of internal as well as unclassified systems
from a certain unauthorized access along with disclosure.
They should report numerous cyber incidents and hence cooperate along with the
Department of Defence for the purpose of responding to the incidents related to security.
Besides this, NIST had imposed specific requirements along with respect for various
categories including access to controls, training as well as awareness, accountability as well
as audit, management of configuration, multifactor and identification authentication, response
to incidents, maintenance, protection to media, security assessment, communications and
systems protection, personal security and integrity of information and system.
Every category has numerous necessities which results in more than hundred different
controls. Such as within the category of access control, NIST should assure that the
contractors have limited any sort of unsuccessful attempts to logon and hence terminate a
specific session of user after a certain defined condition takes place.
Conclusion
From the above essay, it could be concluded that, the cyber criminals or hackers had been
very advanced and are able to hack any tough system for the purpose of accessing

5TARGET CYBER BREACH
organizational data. Cybercrime had been very common within organization nowadays. Due
to these reasons, cyber security is supposed to be thorough as well as seamless irrespective of
the business size or the organizational standing. Computer networks had always been the
target of the hackers. This particular essay describes regarding the Target cyberattack that had
occurred in the year of 2013. It further discusses regarding the importance of the cyber
security along with the government requirements that are applicable.

6TARGET CYBER BREACH
References
Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges,
prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and
Knowledge Discovery, 7(5).
Gray, D., & Ladig, J. (2015). The implementation of EMV chip card technology to improve
cyber security accelerates in the US following target corporation's data
breach. International Journal of Business Administration, 6(2), 60.
Greene, C., & Stavins, J. (2017). Did the Target data breach change consumer assessments of
payment card security?. Journal of Payments Strategy & Systems, 11(2), 121-133.
Janakiraman, R., Lim, J. H., & Rishika, R. (2018). The effect of a data breach announcement
on customer behavior: Evidence from a multichannel retailer. Journal of
Marketing, 82(2), 85-105.
Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data
breach. Business Horizons, 59(3), 257-266.
Shu, X., Tian, K., Ciambrone, A., & Yao, D. (2017). Breaking the target: An analysis of
target data breach and lessons learned. arXiv preprint arXiv:1701.04940.
Solove, D. J., & Citron, D. K. (2017). Risk and anxiety: A theory of data-breach harms. Tex.
L. Rev., 96, 737.
Wang, P., Ali, A., & Kelly, W. (2015, August). Data security and threat modeling for smart
city infrastructure. In 2015 International Conference on Cyber Security of Smart
Cities, Industrial Control System and Communications (SSIC) (pp. 1-6). IEEE.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7TARGET CYBER BREACH
Weiss, N. E., & Miller, R. S. (2015, February). The target and other financial data breaches:
Frequently asked questions. In Congressional Research Service, Prepared for
Members and Committees of Congress February (Vol. 4, p. 2015).