By now everybody’s heard of the Target breach that exposed credit card and personal data on millions of consumers. And many have heard that this breach appears to have begun with a malware-laced phishing attack sent to contractors that worked with Target, specifically an HVAC firm based out of Pennsylvania. Without rehashing too much of this already famous case, a single email served as the entry point to a breach that eventually affected point-of-sale machines all over the nation.
A phishing email, if it’s not recognized and eliminated, can serve as the entry point to any number of corporate networks, in this case one that held the personal and credit information of millions of customers. Worse yet, recognizing a phishing attempt such as this isn’t always as easy as it sounds, and once you let them in, intruders can often move undetected through the system. The email in question led to network credentials issued to the HVAC company, which led to a network that had backdoor access to a larger Target network, which in turn led to a serious breach.
It’s becoming increasingly important to understand how phishing attempts work, what they look like and how to prevent them, but it’s also important that the companies you do business with do the same. While Target’s infosec teams may have felt that they had taken the proper preventative measures, in the end it didn’t come down to their protection, but to the protection of the HVAC firm they worked with. It’s not just about having an email security solution for your company, but also for every company you contract with.
And the losses here haven’t come cheap. According to the Washington Post, within a week of Target’s disclosure about the breach it was facing almost two dozen lawsuits filed by customers and one filed by Connecticut-based Putnam Bank for reimbursements, customer alerts and new cards. However, what’s worse is the loss of trust that Target has experienced among its customers, something that can cripple a business for years to come.
Phishing attempts might seem like the least of your worries when it comes to the IT security of the entire enterprise, but the most basic mistake at the email level can, as Target is now finding, clearly have innumerable consequences for a company’s growth and reputation. Just because a security measure seems inconsequential in the grand scheme of things doesn’t mean its absence can’t be used as an entryway into your company’s internal networks. We recommend that enterprises that use Sendio suggest our powerful email security for any firm they do business with to ensure that both parties are safe from breaches. As a metaphor for the importance of email security, we’ll leave you with the following apt analogy:
For want of a nail, the shoe was lost.
For want of a shoe, the horse was lost.
For want of a horse, the rider was lost.
For want of a rider, the message was lost.
For want of a message, the battle was lost.
For want of a battle, the kingdom was lost.
And all for the want of a horseshoe nail.