How Target was hacked: Urgent Lessons for the Facilities Industry

Source: Breaking the Target: An Analysis of Target Data Breach and Lessons Learned

We all hate the thought of being hacked

It may have been the worst day of Ross Fazio’s life: he had just got word that his customer, Target Stores, had been hacked and 40 million credit cards stolen. It was late 2013, one of the worst years in history for data breaches in retail.

It probably wasn’t Fazio’s fault. A phishing scam, starting with an innocent-looking email that was likely opened by someone on staff, unleashed a criminal hack so large that even the criminals probably couldn’t believe their luck. Ross’s company, Fazio Mechanical Service, provides HVAC services to retailers like Target. It could just as easily have been any service business, large or small.

Customers like Target often demand that their vendors close out work orders or provide service history details about the work completed on-site. No data, no pay. Fazio appears to have been following its customer’s rules by logging into the Target network and accessing Target’s Ariba business system to close out its work. Unfortunately, the phishing had allowed the hackers to gain access to Fazio’s login credentials, and once they were inside, Target’s network lacked the security to prevent them from accessing the point-of-sale and credit card data.

Digital twins will secure your enterprise

The only foolproof way to prevent this from happening again is to never allow vendors into your enterprise, or if you’re a vendor, never give your customers access to your own enterprise. The IT industry calls this approach “Zero Trust”, for obvious reasons, and this is exactly what’s needed for the facilities industry to function securely and efficiently. Zero Trust doesn’t mean that business partners can’t work together; it just means that they need to do so with cyber-safety in mind. This means a new architecture for business processes, involving “digital twins” that support the exchange of data between business partners in a secure, neutral workspace, a workspace like the BuiltSpace platform.

So lesson learned: build stronger business partnerships by never digitally trusting your partners. Maybe it’s not obvious, but adopting a zero trust security model may be the best business decision you will ever make. Contact us to learn more. It’s easier than you may think.