In 2013, US retailer Target fell victim to one of the largest and most serious data breaches on record. Up to 70 million customers had personal and financial details stolen after hackers gained access to the firm's network via compromised point-of-sales terminals.
The repercussions of this are still being felt, which should illustrate to any large business the dangers they face if they do not take care to protect their systems and put tools in place to immediately detect any intrusion into their network.
According to Computer Weekly, details stolen in the Target hack included names, addresses, email addresses and phone numbers of Target customers. As well as this, 40 million users were thought to have had their credit or debit card information stolen. Up to three million of these payment card details are thought to have been traded online and used for fraud before banks were alerted to the theft.
Having customers' credit cards used for fraud is clearly hugely harmful to any company's reputation, and will make many people think twice about doing business with a firm in the future. But lost revenue as a result of this is only part of the expenses a large enterprise can expect to incur if it falls victim to a hack on the scale of Target's.
In its latest financial report, the retailer revealed the scope of the damage so far, with it incurring costs totalling $162 million (£105 million). This includes $4 million in the fourth quarter of 2014 and $191 million in gross expenses for last year as a whole, as well as $61 million gross for 2013. Target added that the gross number was offset in part by insurance receivables of $46 million for 2014 and $44 million for 2013.
However, some commentators have suggested that the fallout is far from finished, with president and co-founder of cloud control firm HyTrust Eric Chiu saying this is just a "drop in the bucket." When potential legal action is taken into account, he predicted overall losses could reach as high as $1 billion.
Mr Chiu added: "That should serve as strong evidence that companies need to make security a top priority - especially around insider threats, which is how most breaches are happening today."
It should also emphasise to executives that strong network security is not just an issue that can be left to the IT department - all parts of the company need to be aware of the risk, up to and including senior members of the board.
Target has already seen both its chief executive officer and chief information officer resign as a result of the breach, as shareholders and customers will demand that companies show accountability for any security failings.
In January, a federal judge in the US gave the go-ahead for customers who had details compromised in the breach to proceed with a class action lawsuit against the company. In his ruling, Judge Paul Magnuson described the breach as "one of the largest breaches of payment card security in United States retail history" and dismissed Target's claims that the plaintiffs could not show they had suffered injury as a result.
If companies wish to protect themselves from these types of issues, strong security solutions are a must. Innovations from Encode supported by IBM QRadar provide a unified architecture for integrating security information and event management, log management, anomaly detection, incident forensics and configuration and vulnerability management. This can help firms quickly spot and react to threats before they have a chance to damage the company.