IT Negligence Permitted Target Breach

Concerned Hands over Mouth

Although it may seem like Target just cannot catch a break, the real-time coverage about every development in the ongoing saga of the retailer’s data security breach can serve as an invaluable lesson to information technology professionals in their own line of work. The latest buzz surrounding this debacle is not that the store’s IT department did not have the proper data protection measures in place, but rather that it decided to ignore the warning signs leading up to the detrimental hacking incident. As chief information officers and their staff members examine these latest bits of information, they should take away the importance of keeping a keen eye out for red flags, following up on them to prevent any disaster breaches from occurring.

Lack of technology was not to blame
Without knowing any of the details pertaining to the Target incident, a tech expert may be inclined to think that the reason the retailer’s system was infiltrated was that it did not have the proper precautions in place. This could be a reasonable assumption, depending on the situation. In today’s day and age, companies are housing more and more of their confidential information in networks, but the technological solutions used to secure those datacenters are not always employed to their fullest potential.

That being said, the more facts about the Target controversy that are being revealed, the less likely that insufficient IT seems to be the cause. In fact, InformationWeek reported that recent findings indicate that the company not only had an ample amount of the right solutions implemented to help it manage potential cyberthreats, but also that the corporation’s system actually detected unauthorized activity that suggested an impending attack.

“Like any large company, each week at Target there are a vast number of technical events that take place and are logged,” said Target spokeswoman Molly Snyder in an email, according to InformationWeek. “Through our investigation, we learned that after these criminals entered our network, a small amount of their activity was logged and surfaced to our team. That activity was evaluated and acted upon.”

IT malpractice is the cause
Despite the fact that Target’s system, which has cost the company hundreds of millions of dollars to adopt and maintain, indicated that there were signs of suspicious goings-on prior to the incident, the company’s team of IT experts decided to act upon the threats – by doing nothing.”Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up,” Snyder explained, according to the source. “With the benefit of hindsight, we are investigating whether, if different judgments had been made, the outcome may have been different.”

While it may be too late for Target in terms of steering its company clear of a cyberattack, other IT professionals can take away a valuable lesson from this incident. There is no denying that it is imperative for tech departments to adopt sophisticated data security protocol, ensuring that their companies are compliant in terms of the mechanical aspect. However, Computerworld pointed out that if these teams do not have access to the right talent to leverage these tools and address potential problems, these solutions could be useless.

“I have seen enterprises roll out very expensive systems to handle security monitoring, yet there is no subject matter expert for this technology or risks within the enterprise,” stated Joe Schumacher, security consultant for Neohapsis, as cited by Computerworld.

If this is the case, it is as if a team of rowers were in charge of a massive yacht – unaware of what they are doing and where they are going, and unable to navigate it in an effective manner.

Eric Chiu, president and co-founder of cloud security firm HyTrust, explained that, ”you can have all the alarms you want, but unless you put security in a prominent position in the company and have enough staff to review them, those alarms don’t mean anything.”

Bearing this in mind, CIOs should be sure to have not only the technical aspect of data security down, but also the manpower. By guaranteeing that the knowledgeable IT professionals are dealing with these tools, following best practices when doing so, only then could companies thwart cybersecurity attempts.

“Any organization looking to implement security technologies should make the same investment in their people to help configure the technology,” Schumacher stated.

CIOs.com
CIOs.com is your place on the web for intelligent, issue driven content that helps you develop practical IT solutions and strategy.