How a Data Breach Cost Target $220 Million and How to Prevent It

May 25, 2017

In the years since the infamous 2013 Target security breach, FMs and IT professionals have learned that a hack could happen with credentials for a BAS or IoT system.

The 2013 data breach at Target, which resulted from credentials stolen from a third-party HVAC vendor, has concluded with a settlement of $18.5 million. This comes on top of the $202 million the company had already lost when a reported 40 million credit card numbers were stolen.

The hackers used the stolen credentials to break through from a “billing, contract submission, and project management” platform. The breach left customers blindsided by identity theft and placed Target in poor standing from a market perspective.

Target is now required to adopt advanced security measures to maintain customer information, such as employing an executive to oversee a comprehensive information security program and hiring an independent third party to conduct routine comprehensive security assessments.

In the years since the infamous 2013 Target security breach, FMs have accepted that a similar hack could happen with credentials for a BAS or IoT system, especially if too many people are given access to key log-ins or a third party is performing remote monitoring services.

It can no longer be up to IT professionals alone to beef up cyber security. In fact, 75% of IT administrators admit they don’t have a formal cyber security incident response plan (CSIRP) ready to go if an event should occur. Establishing this groundwork can prevent cracks in security at the start of an infiltration.

There are many resources for facilities managers to accurately test products and systems to eliminate vulnerabilities. The Cybersecurity Assurance Program (UL CAP) developed by UL uses the newly created UL 2900 standards as the basis for cybersecurity assessment and is open source to simplify interactions between systems, strategies, and products.

Building operations are trending toward full automation through BAS and IoT systems, making facilities smarter than ever. These updated technologies demand up-to-date cyber security, as illustrated in the Johnson Controls whitepaper.

Thirty-one Intel Security thought leaders got together for a roundtable discussion and came up with 14 cyber threats for 2017. The biggest threat was one we've already faced on an international scale: ransomware has attacked healthcare facilities and held computers and their users hostage, refusing to grant access until the hacker is sent a cash offering. It's only a matter of time until hackers have the ability to infiltrate computer systems in the U.S. It's important for users to keep computers safe with the latest updates. Restarting to install updates may seem tedious, but it is vital to update computer systems so they can fight off newly developed viruses and hacking methods.
