Update: Gregg Steinhafel, Target’s CEO of 35 years, resigned five months following the disclosure of their data breach. By the end of 2014, Target had incurred $162 million in net breach-related expenses.
A growing number of reports suggest that not only did Target’s security work as it was expected to, but the intrusion also set off all the appropriate alarms and those alarms were, in fact, heard. They were just, apparently, ignored. According to an article by Bloomberg Businessweek, “Not only should those alarms have been impossible to miss, they went off early enough that the hackers hadn’t begun transmitting the stolen card data out of Target’s network.”
Had the company’s security team responded when it was supposed to, the theft that has since engulfed Target, touched as many as one in three American consumers, and led to an international manhunt for the hackers never would have happened at all.” If those reports turn out to be true, then it suggests a culture of security that has absolutely failed — probably starting at the top. That is why I found it so fascinating that just after Target fired its Chief Information Officer on March 5, the CEO commented in a press release that Target’s top executives would listen to security leaders more closely. It’s probably fair to assume that leadership at Target didn’t think security was that big a deal or priority, however, that’s the answer.
The indifference probably filtered its way through the entire organization, which is the only explanation I can see for why Target’s security personnel would have detected an intrusion and just simply ignored it. The greatest weakness in security has always been apathy, and its creep can be relentless. It’s like carbon monoxide: you can’t see it, smell it or taste it, and no one knows it’s actually there until it’s too late. To avoid breaches like this in the future, failed leadership has to be held accountable. It reminded me of the Sony data breach that claimed more than 70 million victims in 2011.
Despite of the fact that the company had been in business for more than half a century, and at the leading edge of all kinds of technologies, the company’s management only admitted after the massive breach that it didn’t even have a chief security officer and would finally consider appointing one. Perhaps Target’s CEO should go, not to satisfy any bloodlust by affected customers and victims, but as a warning to all the other complacent CEOs who are sitting on the next big data breach waiting to happen.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.