BMC has denied that its software was used in the break in.
The hackers also managed to infect another system and steal personal data, such as email addresses and phone numbers, for 70 million people before Target shutdown the breach December 15, almost three weeks after the hackers planted malware in the POS systems.
The integration of so much technology in a large corporation makes it nearly impossible to plug every hole, Murphy said.
"The interconnectivity of this stuff makes it so supremely difficult to find (the vulnerability)," Murphy said.
So, a good risk management strategy would identify the most valuable information in an organization and regularly check the security in every system that could be used to gain access to that data, she said.
Sign up for CIO Asia eNewsletters.