What CEOs Should Learn from Target’s CEO Resignation

No company—big or small—is safe from potentially devastating cyber attacks. Here’s how you can protect your company—and your own reputation.

July 9 2014 by Tom Pettibone


When Gregg Steinhafel, Target’s CEO since 2008, abruptly resigned in May, the company’s recent weak financial performance clearly factored into the change. However, the massive 2013 holiday-season data breach involving 40 million credit cards and 70 million customer records must also have been a factor.

Certain cyber-security warnings appear to have been ignored. In mid-2013, Target installed FireEye, a sophisticated $1.6 million malware (malicious software) detection tool, with online monitoring by Target employees in India. On November 30, the tool flagged someone (possibly Russian hackers) downloading malware onto Target computers. The Indian employees notified the security team in Minneapolis. Then, apparently, nothing happened. No action was taken.

Subsequently, for three weeks, the hackers copied credit card and customer data, temporarily staging it on other Target computers until wholesale data transfers could be masked in normal business transactions. Finally, on December 12, the U.S. Department of Justice contacted Target after receiving reports of fraudulent charges. The rest is history.

Brussels-based SWIFT is a member-owned cooperative through which the financial world conducts global business operations. Consisting of 10,000 banking organizations, securities institutions and corporate customers in 212 countries, it exchanges millions of standardized financial messages every day. At a recent conference, CEO Gottfried Leibbrandt described the dire situation facing businesses all over the world:

  • “It’s a bad, scary world out there and it’s getting worse. The cyber threat is very real and persistent. If you are not paranoid yet, you should become so.”
  • “While cyber criminals are getting ever better organized and funded, we now also have state actors, focusing on not just snooping, but disruption.”
  • “We… require networks that are designed to meet the highest standards in terms of confidentiality, integrity and availability.”
  • “Data protection is core to what we do and cyber-security is part of our DNA, not an afterthought.”
  • “We fully support the EU Cyber Security strategy consisting of: Networks that operate across borders, standards (such as ISO 27001-2). A robust (European) ecosystem of experts and providers.”