An analysis of the Target breach offers about a dozen “could haves” – steps the retailer might have taken to prevent the breach. The bad guys reportedly gained access to Target’s system through stolen credentials from a contractor. The report is a political document, and might help its patron – Sen. Jay Rockefeller, the West Virginia Democrat who chairs the Senate committee – advance a bill he introduced that’s designed to get retailers and other businesses to tighten their information security practices. Enterprises must architect their IT to make it impossible for anyone without a need to know to reach the parts of their systems containing sensitive customer and other vital information.”]
Source: https://www.govinfosecurity.com/blogs/target-analysis-could-have-should-have-p-1645