Protecting your sensitive data for over 20 years - Netlib

Monday, June 30, 2014

Target CEO Departure a Teaching Moment?

There are times when it just makes sense to walk away.  To blow it all up and just leave it all behind, especially in the face of a disaster.  Sometimes, it might not be the most logical move, and keeping one’s head down and focus forward can yield positive results in the future, perhaps even a redemption of sorts (Congrats to the San Antonio Spurs on their 2014 NBA title).
Then you have the other hand, times when stepping aside and bowing out are likely options, even seemingly inevitable.  Such a scenario now faces the players of the Spurs’ opponent, the upcoming free agents of the defeated Miami Heat, as they approach their impending offseason; as it did Target CEO Gregg Steinhafel when the company’s board of directors requested his resignation last month, following the holiday credit card breach that impacted about 40 million customers.
Hard to find fault with an ousting like this.  The “common perspective” might be that in matters of cyber security and data breach incidents, the buck stops at IT.  And perhaps that has even been the case in the past.  But that’s irrelevant now.  When you consider the exponentially increasing sophistication of the tools available to cyber thieves, along with the unprecedented scope of their actions (again, 40 million, yeesh), of course, the firing of some IT executive isn’t going to be sufficient, particularly in the public eye.  Eric Basu of Forbes intimates this is a sign of things to come for C-level executives of businesses across the spectrum; sums of billions, as Target is expected to lose, tend to demand a fall from on high.
It thus becomes imperative for CEOs and other execs to learn their way around information security, technological concepts, etc., as well as the risks of corporate data loss and the opportunities to address such key issues.  Perhaps most crucially, this will help impart knowledge about the difference between compliance and security.
While it seems unlikely that a similar fate will befall some Domino’s executive due to the theft of the personal (but not financial) information of almost 600,000 French and Belgian Domino’s customers—and the failed ransom threat on the company—cyber criminals are not going to halt their offensive.  CEOs and other members of management should have a more thorough understanding of their systems, technologies, and courses of action in the event of a serious breach.  Otherwise, more will inevitably follow Mr. Steinhafel out the door.


http://www.netlib.com/blog/application-security/Target-CEO-Departure-a-Teaching-Moment.asp

Wednesday, June 18, 2014

Called Out by Google, Comcast's Response on Email Encryption

Movement on all things data security has really picked up in recent months.  Thanks in part to numerous high profile data breaches which I feel I keep mentioning, it’s the new hot topic; significant pushes have been made to bolster the earthworks around people’s information, from IT to the national level.

Thursday, June 5, 2014

Database Encryption for Physical, Virtual, & Cloud Environments

YOUR CHALLENGE

The shift to make businesses more competitive means that critical data must be available and secure in the Physical, Virtual and Cloud environments. Organizational effectiveness is directly related to performance of applications and the database systems delivering the data. Security and compliance initiatives have historically had a negative impact on performance levels, leading to increased labor cost and slowed client transactions. Current practices focus on Perimeter Protection - firewalls, intrusion detection, monitoring. This leaves critical databases and backup media (data-at-rest) with little to no protection from external or internal intruders. Most data breaches occur while data is at rest. The risk associated with a data breach can severely impact cash flow, stock price and reputation.

Automation - The story of a Hacker attacking you with your refrigerator

“New... powerful... hooked into everything, trusted to run it all. They say it got smart, a new order of intelligence.”

While this quote and its context are a bit more morbid than my feelings on this topic, those words Kyle Reese uttered are the first that come to mind whenever I hear about the succinctly named “Internet of Things.”  If the term is unfamiliar, and you haven’t caught the Cisco commercial that illuminates the possibilities, the core idea is to take anything you can possibly think of—any device, any tool, any bit of electronics—and make it “smart.”  Create a network of physical devices connected via new technology. 

Changing the Status Quo on Data Notification Laws

“Patchwork.”  That’s the term that seems to be bandied about with the most frequency when talking about the system in place for notifying customers that their personal information has been compromised.  A “patchwork quilt.”  And not the nice kind, like the family quilt your grandmother inherited from her parents which eventually finds its way down to you.  No, this patchwork is the type that can only be described, to quote Senator Tom Carper (D-Del), as “a nightmare.”