News
AccessData comments on departure of Target CEO following breach that affected millions of customers
May 2014 by AccessData
AccessData has commented on the resignation of Gregg Steinhafel, CEO of US retailer, Target, which suffered a major security breach in the final months of 2013, resulting in tens of millions of customers’ payment card details being compromised.
Steinhafel’s resignation follows the departure of former Target CIO, Beth Jacob, who left the retailer in March in the wake of the security breach.
The retailer’s IT systems were breached in November, but IT staff did not act upon the security alerts until December, when federal authorities notified the company of unusual activity on its networks. Experts have agreed that the incident demonstrates the need for IT professionals to report directly to the board of a company, rather than the CIO alone.
Craig Carpenter, CMO and cyber security strategist at AccessData comments, “Where Target fell down was not with its defensive measures, which actually detected the breach within a day of the first compromise. However, Target’s security team was unable to separate the real alarms from the noise and respond quickly and effectively to genuine cyber attacks. Cyberthreats are so pervasive and so damaging to any corporate brand that incident response needs to become a board-level matter. Cyber attacks are not isolated events, organisations are being hit again and again. C-level executives cannot afford not to know what’s going on.”
Carpenter believes that , “The Target incident and legislation such as the EU General Data Protection Regulation, which proposes mandatory breach disclosure within 24 hours and fines of up to 2 per cent of an organisation’s worldwide turnover, will push global corporations and government entities to mature their incident response”. He also states, “Security vendors share some of the blame, because what good is technology if it neither tells users what alerts really matter, nor does anything to actually resolve them effectively? Incident response, which failed at Target, will become a key business process just like so many other operational processes, eventually becoming highly predictable, automated and measurable.”
References:
Wall Street Journal, 5th May 2014: “Target Breach Fallout Shows CEOs, CIOs Share Cybersecurity Stakes” http://blogs.wsj.com/cio/2014/05/05/target-breach-fallout-shows-ceos-cios-share-cybersecurity-stakes/
CSO, 5th May 2014, “Target CEO resignation highlights cost of security blunders” http://www.csoonline.com/article/2151381/cyber-attacks-espionage/target-ceo-resignation-highlights-cost-of-security-blunders.html
TMCNet, 5th May 2014, “Bad Guys Score Bull’s-Eye on Target CEO” http://www.techzone360.com/topics/techzone/articles/2014/05/05/377887-bad-guys-score-bulls-eye-target-ceo.htm
EU Data Protection Reform, 12th March 2014 http://europa.eu/rapid/press-release_MEMO-14-186_en.htm
