When Gregg Steinhafel, Target’s CEO since 2008, abruptly resigned in May, the company’s recent weak financial performance clearly factored into the change. However, the massive 2013 holiday-season data breach involving 40 million credit cards and 70 million customer records must also have been a factor.
Certain cyber-security warnings appear to have been ignored. In mid-2013, Target installed FireEye, a sophisticated $1.6 million malware (malicious software) detection tool, with online monitoring by Target employees in India. On November 30, the tool flagged someone (possibly Russian hackers) downloading malware onto Target computers. The Indian employees notified the security team in Minneapolis. Then, apparently, nothing happened. No action was taken.
Subsequently, for three weeks, the hackers copied credit card and customer data, temporarily staging it on other Target computers until wholesale data transfers could be masked in normal business transactions. Finally, on December 12, the U.S. Department of Justice contacted Target after receiving reports of fraudulent charges. The rest is history.
Brussels-based SWIFT is a member-owned cooperative through which the financial world conducts global business operations. Consisting of 10,000 banking organizations, securities institutions and corporate customers in 212 countries, it exchanges millions of standardized financial messages every day. At a recent conference, CEO Gottfried Leibbrandt described the dire situation facing businesses all over the world:
While most CEOs acknowledge information security is a top priority, it is often addressed ad hoc after a data breach occurs (i.e., the car engine has seized). The Target incident changes that paradigm, suggesting a more proactive and methodical approach involving an Information Security Management System (ISMS) built on ISO 27001-2 standards. Companies have standard processes for accounting, procurement and HR; why not have an information security system?
The U.S. Department of Homeland Security urges CEOs to ask the following questions:
With an ISMS tailored to your company (one size does not fit all), you will be alerted to security breaches that would have a high impact on your company. You get the red light warning that something bad is about to happen, and you can take proactive action with and through your security team. Properly constructed, the alerts cannot be masked or ignored. It’s a dangerous world out there. Take the first step. Find out what security framework you have, compare it to your industry’s best practice and develop a plan for improvement. Your shareholders, partners and employees will be reassured, and most important, you will have taken an important step to protect your company’s assets from security risks.