You’ve got board support and the biggest cybersecurity budget. You’ve got best-practice policies and procedures in place, hired the right people and built state-of-the-art threat intel and other systems. You test continuously and you have created a cybersecurity culture throughout your organization. That’s great. But you still have a problem that is largely beyond your control and that can render all of that useless.
One of the most publicized hacks (and the one mentioned by almost all the CISOs below) is the 2013 attack on US retailer Target and its payment system that affected more than 41 million of the company’s customer payment card accounts. The initial intrusion into its systems was traced back to network credentials stolen from a heating and air conditioning (HVAC) subcontractor that had access to the network for legitimate reasons.
Aside from the immediate stock price fall, the reputational damage and the firing of the chief executive, the breach prompted a series of lawsuits that were finally resolved only in 2017, when Target agreed to pay $18.5 million to settle claims by 47 states and the District of Columbia.