A play-by-play account of the Target data breach debacle has flooded a number of media channels for months now – and chief information officers have taken notice. The latest development in this ongoing controversy has come with the resignation of the retail giant’s CIO Beth Jacob. In the wake of this information technology executive’s decision to step down, Target has been making moves to overhaul its approach to data security, and many professionals throughout the field in general are evaluating their own methods to ensuring their confidential company information is safe from prying eyes.
Cyberattack aftermath prompts CIO resignation?
Following the cyberattack on Target that resulted in millions of customers’ credit card information being swiped, the corporation has taken a hefty hit. Not only does the company have to shell out millions of dollars to take care of damages, but it has also had to watch as the price of its stocks has plummeted. With all of these losses, it was only natural for Target to try to rationalize the incident, finding somewhere to place the blame for what happened.
While it is safe to say that Jacob is not solely responsible for allowing the hacking incident to happen, being the head honcho of the corporation’s IT department probably put her under the microscope. The CIO announced her resignation “effective immediately” in a letter to Target’s chairman, president and CEO Gregg Steinhafel, according to InformationWeek. Some individuals maintain that the tech executive was persuaded to do so by the company, but the specifics of the situation are still up in the air. However, it would not be completely atypical for a business in this predicament to make such a request of its CIO.
“Under these circumstances, it’s pretty standard, if for no other reason than optically it just shows the company taking action,” Ted Julian, IT security professional and CMO for incident response company Co3 Systems, told InformationWeek. “It allows them to get someone new with some new ideas and enthusiasm and excitement that can be shown to make aggressive changes.”
Retailer revamps IT security
Target is, in fact, making dramatic modifications – and quickly. Management is already searching for an interim CIO and has announced that it will be upping its data security, taking its hacking prevention measures to the next level. Despite this IT protection proclamation, the question remains, were the security efforts under Jacob really all that insufficient?
“Here’s what we do know: this was not an anemic security department that lacked staff or resources,” said Julian to InformationWeek. “That’s not to say that maybe they shouldn’t have more, but … this looks to be a well-funded, highly competent group, with extensive rapport across Target and the industry.”
Nevertheless, Target representatives feel that they need to do some serious damage control, which has prompted them to publicly declare the slew of changes that the company will be making to better guarantee a cyberattack will never happen again. For instance, Claims Journal reported that the corporation has made room for new roles within its IT staff that will be filled with tech experts outside the organization. The company plans to delegate data security duties not only to the CIO, but also the newly established chief information security officer and chief compliance officer.
In addition, Target plans to consult external experts, bringing in advisers from Promontory Financial Group. These IT professionals will look into the infrastructure the company currently has in place, as well as the practices used to leverage these solutions and the employees it has on staff. After evaluating these elements, representatives from the consultancy firm aim to provide Target guidance in terms of the steps the retailer needs to take so it can move toward more effective data security.
Target tackles lingering issues
As the corporation directs a large part of its attention to ensuring it will prevent future cyberattacks, it also has to address the aftermath of this past incident. For starters, Target intends to provide a year’s worth of complimentary credit card monitoring services to customers who request them. On top of that, the retailer plans to invest approximately $100 million to install chip-centered credit care equipment that will replace those relying on magnetic strips. This shift will hopefully increase card security for consumers doing business with Target.