A “Kill Chain” Analysis on the Target Data Breach – The Hits Just Keep on Coming
On March 25th, Senator John D. Rockefeller released a report entitled “A ‘Kill Chain’ Analysis of the 2013 Target Data Breach,” which found that Target Corp. failed to act on early warning signs to prevent last year’s data breach, in which hackers stole the financial and personal information of approximately 110 million customers. The report criticized Target and stated that the retailer “failed to respond to multiple automated warnings” and “failed to detect and stop” the hackers at early and key points.
For example, the report faulted Target’s information security practices and personnel for: granting network access to a third-party vendor with inferior information security practices; failing to respond to multiple automated warnings from Target’s anti-intrusion software; and failing to properly isolate the company’s most sensitive network assets. Additionally, the report points out that a specific Target employee could have disrupted the attack on the company’s network at an early stage “by training its staff to recognize and report phishing emails.”
Target has suffered huge reputational and financial losses as a result of its 2013 data breach, and the hits just keep on coming. Target is getting hit from all sides: it is facing lawsuits in the courts, scrutiny on the Hill, and attacks in the media. This report highlights the need for all companies, including hotels, to proactively protect themselves against data breaches by maintaining robust information security practices and training all employees to recognize early warning signs and avoid risky practices. Hotels can help protect themselves from the risk of a data breach by using Venza’s PCI training modules or other custom learning solutions to properly train their employees to comply with robust data-security practices and policies.
The Venza Group has partnered with the law firm Arnall Golden Gregory (AGG) to create a series of interactive eLearning modules to address PCI compliance in the hotel industry. Management, employees and IT are taught about the requirements they must support as part of the Payment Card Industry Data Security Standards. The Venza Group also has partnered with AGG to create an interactive eLearning module to train hoteliers on general privacy and security awareness issues and on sexual harassment prevention.