How a Data Breach Cost Target $220 Million and How to Prevent It

05/25/2017

In the years since the infamous 2013 Target security breach, FMs and IT professionals have learned that a hack could happen with credentials for a BAS or IoT system.

The 2013 data breach at Target, which resulted from credentials stolen from a third-party HVAC vendor, has ended in a settlement of $18.5 million. That comes on top of the $202 million the company had already lost when a reported 40 million credit card numbers were stolen.

The hackers used the stolen credentials to break through from a “billing, contract submission, and project management” platform. The breach left customers blindsided by identity theft and placed Target in poor standing in the market.

Target is now required to adopt advanced security measures to maintain customer information, such as employing an executive to oversee a comprehensive information security program and hiring an independent third party to conduct routine comprehensive security assessments.

In the years since the infamous 2013 Target security breach, FMs have accepted that a similar hack could happen with credentials for a BAS or IoT system, especially if too many people are given access to key log-ins or a third party is performing remote monitoring services.

It can no longer be up to IT professionals alone to beef up cyber security. In fact, 75% of IT administrators admit they don’t have a formal cyber security incident response plan (CSIRP) ready to go if an event should occur. Establishing this groundwork can prevent cracks in security at the start of an infiltration.

There are many resources for facilities managers to accurately test products and systems to eliminate vulnerabilities. The Cybersecurity Assurance Program (UL CAP) developed by UL uses the newly created UL 2900 standards as the basis for cybersecurity assessment and is open source to simplify interactions between systems, strategies, and products.

Building operations are trending toward full automation through BAS and IoT systems, making facilities smarter than ever. These updated technologies demand up-to-date cyber security, as illustrated in the Johnson Controls whitepaper.

Thirty-one Intel Security thought leaders got together for a roundtable discussion and came up with 14 cyber threats for 2017. The biggest threat was one we've already been faced with on an international scale: ransomware has attacked healthcare facilities and has held computers and their users hostage, refusing to grant access unless the hacker is sent a cash offering. It's only a matter of time until hackers have the ability to infiltrate computer systems in the U.S. It's important for users to keep computers safe with the latest updates. Restarting to install updates may seem tedious, but it is vital to update computer systems so they can fight off newly developed viruses and hacking methods.

