An analysis of the Target breach offers about a dozen “could haves” – steps the retailer might have taken to prevent the breach. The bad guys reportedly gained access to Target’s system through stolen credentials from Fazio Mechanical Services. The report is a political document, and might help its patron – Sen. Jay Rockefeller – advance a bill he introduced that’s designed to tighten their information security practices. Enterprise must architect systems to make it impossible for anyone without a need to know to reach parts of their systems containing sensitive customer and other vital information.”]
Source: https://www.cuinfosecurity.com/blogs/target-analysis-could-have-should-have-p-1645