Target’s CDO departure underscores C-suite tensions
The removal of Target’s chief digital officer after only four months suggests that integrating new members into the C-suite can be a challenging, contentious enterprise.
When Home Depot and Target experienced large-scale security breaches on payment systems in 2014, it hit those top retailers hard: Criminals stole millions of consumers' debit and credit card data; the companies lost hundreds of millions of dollars in fines and lost sales; and their brand reputations suffered.
You may recall how the last tech bubble 15 years ago resulted in staggering market losses, numerous failed start-ups and increasing IT unemployment. Less noticed was the bubble's eerie correlation to undergraduate enrollments in computer science.
When Wakefield Canada, the exclusive distributor for Castrol in Canada, set out to replace the tablets used by their sales team, it went right to the source to figure out what to buy: The people who would be using them in the field.
You've likely experienced <a href="http://www.healthcareitnews.com/directory/alert-fatigue">alert fatigue</a> at some point in your life. You feel exasperated as your phone pings for what seems like the hundredth time in a day, or your eyes glaze over as a glut of new analytics data rolls in. You feel resigned to the fact that an influx of email could very well go on forever.
Follow me, if you will, on a journey back in time to just one year ago. As 2013 turned into 2014, the information security industry was buzzing about the latest spate of breaches. Target had ushered in a new era of retail security breaches, with 40 million card numbers lost to the hackers. Little did we know at the time that this was just the beginning, and small potatoes in comparison to what was to come. One year ago, Neiman Marcus and Michaels had joined Target, and <a href="http://www.computerworld.com/article/2487265/security0/security-manager-s-journal--cyberattacks-just-got-personal.html">I wrote in response to the growing number of breach disclosures</a> that "in fact, I have to wonder which retailers have <em>not</em> suffered breaches. The word on the street is that at least a half-dozen other retailers were compromised in the past few months, without publicity." Sadly, this turned out to be true. I hate being right all the time.
Beyond the compromise of valuable information, loss of revenues and damage to brand reputation, data breaches can pose a threat to the careers of security professionals involved: witness the sudden <a href="http://www.networkworld.com/article/2174919/network-security/target-cio-resigns-following-breach.html">departures of both the CEO and the CIO</a> of Target after last year's compromise of 40 million customers' credit cards.
A lot of security processes failed during the <a href="http://www.computerworld.com/article/2486959/cybercrime-hacking/target-says-hackers-likely-accessed-40-million-cards.html">breach of Target's systems</a> during last year's holiday season, but one surprising revelation was that the <a href="http://www.computerworld.com/article/2488641/malware-vulnerabilities/major-companies--like-target--often-fail-to-act-on-malware-alerts.html">retailer actually did receive</a> security alerts about the malware in its system. Yet because the security team was bombarded with alerts -- estimated at hundreds per day -- it couldn't adequately prioritize them.
A funny thing is happening in the wake of the <a href="http://www.computerworld.com/article/2490179/security0/security0-the-snowden-leaks-a-timeline.html">Edward Snowden NSA revelations</a>, the infamous <a href="http://www.computerworld.com/article/2601905/apple-icloud-take-reputation-hits-after-photo-scandal.html">iCloud hack of celebrity nude photos</a>, and the hit parade of customer data breaches at <a href="http://www.computerworld.com/article/2490637/security0/target-finally-gets-its-first-ciso.html">Target</a>, <a href="http://www.computerworld.com/article/2844491/home-depot-attackers-broke-in-using-a-vendors-stolen-credentials.html">Home Depot</a> and the <a href="http://www.computerworld.com/article/2845621/government/us-postal-service-suffers-breach-of-employee-customer-data.html">U.S. Postal Service</a>. If it's not the government looking at your data, it's bored, lonely teenagers from the Internet or credit card fraudsters.
Despite the massive scale of the theft of personally identifiable information (PII) and credit card and debit card data resulting from last year's data breach of retail titan Target, the company's PCI compliance program may have significantly reduced the scope of the damage, according to new research by security firm Aorato, which specializes in Active Directory monitoring and protection.
Companies including MITRE are looking at privileged access and how to better lock it down -- without stopping employees from doing their jobs.
Companies that suffer major data breaches almost always portray themselves as victims of cutting-edge attack techniques and tools. The reality, though, is often much more mundane.
That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one of the biggest data compromises in retail history.
Migrating U.S. payment systems to the Europay MasterCard Visa (EMV) smartcard standard could take significantly longer than envisioned and offer fewer security benefits than what's being touted by proponents of the technology.
The recent data breaches at Target and Neiman Marcus have once again shown that compliance with the Payment Card Industry Data Security Standard (PCI DSS) is no guarantee against an intrusion.