Target, a large US retailer headquartered in Minneapolis, suffered a massive data breach in 2013 that compromised some 40 million customer debit and credit cards, as well as personal information of an additional 70 million customers (about 20 percent of the US population). Public consternation over this and other data breaches led to accelerated deployment of chip-embedded (EMV) credit cards; renewed appreciation of the need for network segmentation, third-party oversight, and logging analytics; dismissal of key corporate executives; damaged company stock market performance; and a call for better sharing of cyberthreat intelligence.
Review the links below and other Internet sources on the Target data breach. Also research ways in which remote access by third parties into an organization’s network resources can be contained. Develop an attack tree diagram to describe the possible exploits that could have been used to exploit Target’s vulnerabilities and highlight the actual attack path used. Write a brief case study analysis that highlights procedures that should be implemented to reduce the probability of future attack via a third party vendor’s vulnerability.
- Michael Kassner (2 February 2015), “Anatomy of the Target Data Breach: Missed Opportunities and Lessons Learned,” ZDNet. Retrieved from http://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/.
- Anthony Wing Kosner (17 January 2014), “Researchers Report Exact Timeline Of Massive Target Data Breach,” Forbes. Retrieved from http://www.forbes.com/sites/anthonykosner/2014/01/17/researchers-report-exact-timeline-of-massive-target-data-breach/#66c1669d58aa.
- Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack (13 March 2014), “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” Bloomberg Business. Retrieved from http://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data.
Your paper should be written following APA guidelines, using 12-point font, and including a title, executive summary, and reference page. The content of your paper should be three to four pages in length, excluding the title and reference pages. Submit your Research Paper to the Dropbox titled for this activity by the date specified by your instructor.