Don't be an easy Target - see what we did there?


If you haven't heard about the Target cyber security breach lately, we'd like to welcome you back from your long vacation. What we at Steady State Security have been debating for a couple of months now is: how did this occur?

We're finally seeing legitimate sources give us insight into how this was done: the heating guys!? As surprising as some may find this, not having a strict access control policy can leave networks open when dealing with third-party access.

It should be eye-opening to see an IT system loaded with all of the latest bells and whistles be so easily infiltrated because of apparently lax account standards. It is being reported that Target gave an HVAC contractor remote access at some point last year, and that these credentials were ultimately stolen and used as the first phase of the attack.

Having a remote access policy that addresses contractor access is something to be taken very seriously. Furthermore, proper segmentation techniques need to be in place to ensure access to critical systems is blocked. Although current PCI requirements don't mandate segmentation, our bet is that it's coming. Your company doesn't want to be the next headline (at least not for this). Contact us today to get a free initial consultation.
