**Third-party risk is your risk.** Target was breached through a vendor. Organizations must extend their security perimeter to include all third parties with network access. - **Alerts without action are useless.** Target's monitoring system worked — it detected the malware. The organizational proce