What made the Target breach resonate so loudly among consumers and security professionals? It was certainly a big breach, but big breaches are not really anything new these days. Perhaps it was the brand-name element that brought it home – although we've seen plenty of brand names in trouble with data security – or maybe it was the nature of the breach itself, attacking the point-of-sale systems where customers themselves actually interact, making this seem all the more personal. Whatever the reason, the Target breach felt like a watershed, as though finally a breach had occurred that would shake up the status quo.
It wasn't and it didn't.
While the technical details of the Target breach are interesting, it's easy to get hung up on discussions around chip-and-PIN, malware and network segmentation, and in the process lose sight of the broader trends that underlie this and other breaches.
First – the bad guys get in. Always. It doesn't matter if it's social engineering, phishing, or strolling in through the remote access you gave your HVAC contractor. Sooner or later they find the weak spot and they exploit it – despite all of your best plans to keep them out. So it's high time to start dealing with that basic truth. Good security process and the right tools can slow them down, and maybe stop them for a while, but in the end there's always some system that's not patched, some user that's gullible or over-worked at the wrong time, or some contractor you didn't watch closely enough. Target learned this the hard way. Who would have guessed that an HVAC contractor's network access could be the point of weakness?
Second – once they are in, you had better figure out how to spot them. This is possibly the part that most baffles people outside the industry. Surely, with all that money spent on security, the minute the attackers are in all kinds of alarms start going off, right? Well, kind of. In the case of the Target breach, like so many others, there *was* plenty of security technology in place, and yes, the alarms were apparently going off, but the problem was picking out, from all the noise, the alarms that actually meant something and needed a response. Most security teams are overworked and spend their lives swamped by too much to do, with too many competing priorities, and as a result, spotting when the bad guys inevitably breach the defenses and start pillaging data is far from easy.
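To make the alert-noise problem concrete, here is a small added example (it is not code from the original post and has nothing to do with Target's actual tooling) that ranks a constructed stream of alerts. Each alert's own severity is what the tool emitted; the triage instead correlates distinct alert kinds on the same host inside a time window, adds a bonus when several stages of an assumed intrusion chain show up together, and weights hosts in an assumed critical-asset list. The alert kinds, chain stages, weights and host names are all assumptions for illustration.

```python
"""Toy alert triage: rank a noisy alert stream by correlating alerts per host.

Added example with constructed data. The alert kinds, chain stages, weights
and asset list below are assumptions, not any product's or Target's scheme.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    kind: str       # e.g. "av_quarantine", "outbound_transfer" (assumed names)
    severity: int   # 1..5 as emitted by the originating tool


# Assumed asset inventory: hosts in the cardholder-data segment score higher.
CRITICAL_HOSTS = {"pos-123", "pos-456", "cde-share-01"}

# Assumed stages of an intrusion progressing on one host. Seeing two or more
# of these together is worth far more than any single alert's severity.
CHAIN = ["new_admin_login", "new_service_installed", "malware_dropped", "outbound_transfer"]


def triage(alerts, window=timedelta(hours=24)):
    """Return (host, score) pairs, highest score first.

    For each host, every window-sized span that starts at one of its alerts is
    scored as: sum over distinct alert kinds of the highest severity seen for
    that kind, plus 10 per chain stage present if at least two stages are
    present, plus 5 if the host is a critical asset. The host keeps its best
    span, so stages that are too far apart in time do not get the chain bonus.
    """
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a.ts):
        by_host[a.host].append(a)

    scores = {}
    for host, host_alerts in by_host.items():
        best = 0
        for i, start in enumerate(host_alerts):
            in_window = [a for a in host_alerts[i:] if a.ts - start.ts <= window]
            kinds = {a.kind for a in in_window}
            score = sum(max(a.severity for a in in_window if a.kind == k) for k in kinds)
            stages = sum(1 for k in CHAIN if k in kinds)
            if stages >= 2:
                score += 10 * stages
            if host in CRITICAL_HOSTS:
                score += 5
            best = max(best, score)
        scores[host] = best
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


# Constructed sample stream: mostly loud but isolated noise, one real chain.
T0 = datetime(2024, 1, 15, 8, 0)
SAMPLE_ALERTS = [
    # Noise: one antivirus quarantine per workstation, each "high" on its own.
    *[Alert(T0 + timedelta(minutes=7 * i), f"ws-{i:03d}", "av_quarantine", 4) for i in range(30)],
    # A workstation with a second, unrelated loud alert.
    Alert(T0 + timedelta(hours=1), "ws-010", "failed_login", 5),
    # Two chain stages on one host, but 48 hours apart: no single window holds both.
    Alert(T0, "ws-099", "new_service_installed", 2),
    Alert(T0 + timedelta(hours=48), "ws-099", "outbound_transfer", 2),
    # The real intrusion: three low-severity alerts on a POS host within a day.
    Alert(T0, "pos-123", "new_service_installed", 2),
    Alert(T0 + timedelta(hours=2), "pos-123", "malware_dropped", 2),
    Alert(T0 + timedelta(hours=20), "pos-123", "outbound_transfer", 2),
]


if __name__ == "__main__":
    for host, score in triage(SAMPLE_ALERTS)[:5]:
        print(f"{host:10s} {score}")
```

Sorted by raw severity, the three POS alerts (severity 2 each) sit below thirty severity-4 quarantines and would be the last thing a swamped analyst reaches; correlated, pos-123 scores 41 and tops the queue, ws-010 with its two unrelated alerts scores 9, and ws-099 stays at 2 because its two stages never fall inside one window. The scoring is deliberately simple; the point is that the signal is in the combination of weak alerts, not in any one of them.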