I get that Target might've forced their IT department to take the cheap way out and forgo a nice, isolated building management system. That's out of their control.
But how could they not notice the spike in network traffic as data was being sent to the hackers?
They should know how much bandwidth their terminals are chewing up on average, how many transactions are occurring, approximately how much data should be crossing the network per transaction and have an eye out for a sudden burst of outgoing data heading to one IP address.
Is there something I'm missing here?