Cyber Security In Business Organizations Case Studies Examples
Fundamental challenges to protect organizational information and assets
Technological breakthroughs have led to a revolution in digital media, and it is essential for organizations to protect their data. The article “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It” narrates how one of the leading organizations failed to respond to a possible breach of information.
One of the fundamental challenges that firms face while striving to protect information and organizational assets is the tendency of their employees to dismiss warnings and display a lackadaisical attitude toward investigating fraudulent activity carried out through the misuse of technology. Another issue is the human tendency to wilfully turn off protective functions that can automatically prevent the theft of data. Verizon Enterprise Systems conducted research and maintained that in only 31 percent of instances do firms discover breaches by means of their own monitoring systems. In this instance, despite warnings sent by FireEye and Target’s security team in Bangalore, the Minneapolis security team decided to ignore the warnings, thereby triggering one of the largest online credit card thefts. Thus, organizations have a tendency to ignore alerts and warnings, which leads to such cases of online fraud and theft.
Red flags ignored by Target
Target installed a malware detection device to prevent hackers from obtaining access to company information. Target’s security team in Bangalore was given the task of monitoring the company’s computers continuously. If the team in Bangalore found any suspicious activity, it had to notify the security team in Minneapolis. On that fateful day, the security team in Bangalore did notify the office in Minneapolis when it was alerted by FireEye. However, Target’s security team in Minneapolis decided to ignore the security warnings. Nonetheless, Target refrained from disclosing to the public the lapse displayed by its Minneapolis security team.
FireEye issued alerts from 30th November till 02nd December as the hackers installed another piece of malware in its security system to steal confidential data. Information arriving over the internet reached FireEye before reaching Target, and hence the presence of any malware would first be detected by FireEye. This is a smart installation, as the technology first detects the attack and immediately sends an alarm to the customer. FireEye’s technology is extremely foolproof, as it allows the system to erase the malware as soon as it is detected.
However, the security team of Target had wilfully turned this function off, which made it easy for the hackers to gain access to company data. Most companies refrain from letting security servers delete suspicious data automatically, as they want to decide for themselves whether the data is required or is malware. However, it is then necessary for the security team to respond to the alerts. The main reason this breach occurred is that the security team did not have the necessary grasp of network security.
Target’s actions post security breach
Target made several blunders that led to this security breach. Moreover, it refrained from disclosing information to the public about the security breach, which took place as a result of the lackadaisical attitude displayed by Target’s own security team (Nulty, 2013).
Inappropriate communication was displayed by Target’s Chairman, President and Chief Executive Officer, as he smartly evaded questions and maintained that the company was undergoing an evaluation of its processes, systems and human resources after this breach. He further maintained that he would not be able to speculate about anything until the outcome of the final analysis. Such communication displays an organization’s unwillingness to admit its own mistakes and leads to reputation loss. Target maintained that it had already commenced work to repair the existing security system to prevent future breaches. Moreover, the company also set up a consumer response team, which notified consumers that they would not need to pay fraudulent charges stemming from the breach in Target’s information security systems. However, the consumers were angry with the company and had filed lawsuits.
The attack on Target led to reputation and financial losses for the company. The company had one of the smartest malware detection systems, having spent a whopping amount of USD 1.6 million on the purchase and installation of this tool from FireEye. FireEye’s malware detection device was foolproof, as it not only detected suspicious activity automatically but also had a function to delete such malware automatically. Moreover, if FireEye detected any malware, it would automatically issue a warning to Target’s security team in Bangalore, who in turn would alert the company’s Minneapolis security team.
This incident displayed the lackadaisical attitude of the security team in Target’s Minneapolis office and management’s inability to control it. The decision to completely ignore alerts issued by its Bangalore team and FireEye shows that the people responsible at Target did not act. Either they did not deem the situation urgent enough to inform higher authorities, or the higher authorities were informed and did not act. At that time, Target did not have a Chief Information Security Officer, and hence no one was accountable for taking urgent action when needed (Stanwick & Stanwick, 2014). This is an instance of inappropriate handling of human resources at Target. It is essential that Target recruit individuals, including supervisors, who are accountable for their jobs so that such security lapses do not take place in future.
Draper, H. (2013). Just how bad is this Target data security breach? Denver Business Journal. Retrieved February 09, 2014 from http://www.bizjournals.com/denver/blog/finance_etc/2013/12/just-how-bad-is-this-target-security.html?page=all
Nulty, E. J. (2013). How to lead during a data breach. Harvard Business Review. Retrieved February 09, 2014 from https://hbr.org/2013/12/how-to-lead-during-a-data-breach
Stanwick, P. A. & Stanwick, S. D. (2014). A security breach at Target: a different type of BullsEye. International Journal of Business and Social Science, 5(12), 61–64.