The Breach Nobody Noticed for 76 Days

In 2013, attackers broke into Target's network through a third-party HVAC vendor. They installed malware on point-of-sale systems across 1,800 stores. Over the next 76 days, the credit and debit card details of 40 million customers were silently stolen.

Target had a security monitoring tool installed — FireEye — which detected the malware and sent alerts. The alerts were ignored. Nobody acted on them. By the time the breach was reported by an external source (the US Department of Justice contacted Target), the damage was done.

THE TARGET BREACH — TIMELINE
Nov 27 Attackers deploy malware on POS systems across 1,800 stores
Nov 30 FireEye monitoring system detects malware and fires alerts
Nov 30 Alerts are seen — and dismissed. No action taken.
Dec 2 Second wave of malware deployed. More alerts fire. Still ignored.
Dec 12 US Department of Justice contacts Target about suspicious activity
Dec 15 Target confirms breach — 76 days after it began
Final 40M card details stolen. $292M in breach-related costs.

The tool worked. The process failed. This is the core problem with logging and monitoring failures — it is rarely about missing technology. It is about whether anyone is actually paying attention and whether there is a clear process for what to do when something fires.

Target's breach resulted in the resignation of their CEO and CIO, $18.5M in settlements across 47 states, and a complete overhaul of their security infrastructure. All of it was preventable.

1. Target had a monitoring tool that detected the breach. Why did the breach still succeed?
