On That Day, Everything Changed
When Target Corporation was breached in 2013, leading to the loss of over 110 million customer records, it was following industry best practices to ensure that corporate assets were properly protected. It employed internal security practitioners. It outsourced niche services such as penetration testing and malware analysis to specialists. Its data travelled to a security operations center. To infiltrate Target, attackers broke into a smaller vendor – which did not have the same level of protections – and swam upstream via a trusted network relationship.
The lesson learned from the perspective of the largest corporations . . .