While much of network security rests on technology-based defenses such as firewalls, anti-virus programs, and encryption, there is still a human element that can play a significant role, either in support of these defenses or by enabling intrusions. Often it is human error that allows otherwise robust network security measures to be circumvented.
In one of the biggest cyber intrusions on record, the technological side held up its end of the bargain, only to be defeated by the lack of human intervention at a critical time during the event. The massive Target breach in late 2013 still has onlookers shaking their heads, because the company had set up a robust malware detection program 6 months before the attack, one that was already in use by a variety of organizations that experience hacking attacks on a daily basis, including the Department of Defense, Equifax, and the CIA.
The malware detection program by FireEye configured Target’s network so that financial information was segregated from third-party access points, such as outside vendors, and monitored in real time on a 24/7/365 basis for suspicious traffic and actions within the network. These are two major aspects of a robust network security system. In its most basic form, for example, if a beverage vendor with network access started sending feelers around to areas that it didn’t have certification for, the vendor would show up on the monitoring radar and preventive action would be taken.
In Target’s case, this is exactly what happened. As the hackers who had accessed Target’s network through an outside vendor started to send malware into Target’s system to start exporting the stolen data, the FireEye system caught the activity and sent alerts to the monitoring team located in Bangalore, which in turn notified the network security team at Target’s headquarters in Minneapolis. With that, the technology had performed its duties, with protocol calling for the next steps to be taken by Target’s security team. At this critical “all hands on deck” moment, Target’s team stood down, enabling an estimated 110 million accounts to be exported to the hackers’ domain in Russia.
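The two controls described above, a vendor-scope check and a follow-up on alerts that nobody acts on, can be sketched as follows. This is an added example, not code from Target, FireEye, or the original article; the policy table, account and segment names, the 30-minute acknowledgement deadline, and the flow records are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed policy: segments each third-party account is allowed to reach.
VENDOR_SCOPE = {"bev-vendor": {"vendor-portal"},
                "print-vendor": {"vendor-portal", "print-queue"}}
ACK_DEADLINE = timedelta(minutes=30)  # assumed response target

# Constructed flow records: timestamp, account, destination segment.
FLOWS = """\
2024-01-01T09:00:00 bev-vendor vendor-portal
2024-01-01T09:05:00 bev-vendor payment-data
2024-01-01T09:07:00 print-vendor print-queue
2024-01-01T09:20:00 bev-vendor payment-data
"""

def detect_out_of_scope(flows_text):
    """One alert per (vendor, segment) pair that falls outside VENDOR_SCOPE."""
    alerts = {}
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1] not in VENDOR_SCOPE:
            continue  # malformed record or not a vendor account
        ts, account, segment = parts
        if segment in VENDOR_SCOPE[account]:
            continue  # vendor is inside its permitted scope
        alert = alerts.setdefault((account, segment), {
            "account": account, "segment": segment,
            "first_seen": datetime.fromisoformat(ts),
            "count": 0, "acked_at": None})
        alert["count"] += 1  # repeats raise the count, not the alert volume
    return list(alerts.values())

def overdue(alerts, now):
    """Alerts still unacknowledged after ACK_DEADLINE; these must page a human."""
    return [a for a in alerts
            if a["acked_at"] is None and now - a["first_seen"] > ACK_DEADLINE]

if __name__ == "__main__":
    found = detect_out_of_scope(FLOWS)
    for a in overdue(found, datetime(2024, 1, 1, 10, 0)):
        print(f"ESCALATE: {a['account']} -> {a['segment']} x{a['count']}, "
              f"unacknowledged since {a['first_seen']}")
```

Detection alone only fills the alert queue; the `overdue` check is what turns an ignored alert into an escalation with a named owner.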
Whether the failure to act on the alerts was a result of underestimating the gravity of the situation or of gross negligence, Target will pay dearly for this human error. For businesses, this event serves as a reminder that a robust suite of network security technologies can be undone when the humans tasked with running it aren’t paying attention.