Targeting Target with a 100 Million Dollar Data Breach Case Study Help
If I were in the CEO’s shoes, I would have immediately taken action to uncover the cause of the breach, addressed the breach and contacted IT support. I would have gotten more involved in the breach response as well as preparedness, due to the financial implications, as the incident could have been blamed on the firm. Additionally, I would have informed the customers as soon as possible to protect the company from the consequences or risks of the data breach, such as damage to the brand’s reputation.
What lessons should a CEO learn from Target?
As previously discussed, the company made several mistakes, including improper network segmentation, ignoring critical security alerts and insecure POS data handling; the CEO should make sure to put processes in place with a core focus on dealing with a breach effectively. Furthermore, the CEO informed customers about the data breach only after several days had passed, whereas in the event of a data breach customers should be informed as soon as possible, as this is a good way to protect the reputation of the company. The incident provides a solid foundation for CEOs to invest heavily in cyber security programs. Additionally, the CEO should ensure that there is a comprehensive security approach and well-communicated, solid guidelines about how to access the company's data, how to enable devices to access it securely and what to do in case of an incident. Furthermore, the company should develop a well-tested business continuity and disaster recovery plan to deal with such issues effectively. The CEO should also ensure that the company complies with the Payment Card Industry data standards.
What lessons should a CIO learn?
The CIO is recommended to develop the security alert system effectively, following the design of the FireEye alerts, as it helps in preventing threats. The security alert system is another effective means of cyber defense, which helps in detecting, preventing and stopping attacks. Because human analysts tend to be undertrained and error-prone, the CIO should make alert systems more intelligent and usable. The CIO should design effective security warnings that are intelligent and adaptive. The CIO should also put in place a zero trust strategy, as it helps protect the company from external attacks and likewise protects against attacks from inside, due to the fact that all traffic is analyzed as well as monitored.
What should Target do next?
The company should attempt to protect its network and systems against cyber-attacks such as data exfiltration and malware, deploy a reputable and well-known intrusion and malware detection service, investigate security warnings and take the correct measures to put their segmentation in place. The company should improve its security and try to win back lost customers by enhancing its security and technology. The improvements include logging and monitoring, limiting and reviewing vendor access, and improving the security of accounts.
Additionally, the company should ensure that the password at the POS is strong enough and meets the payment card industry data security standards. Another recommended strategy to secure credit card transactions is EMV (Europay, Mastercard and Visa), which helps address the security issues of credit cards by encrypting the data on the card’s chip, which makes it challenging for an attacker to commit fraud.
Do you believe consumers are becoming tolerant of breaches?
To some extent, consumers tend to ignore, avoid or minimize the implications and consequences of having their information or data compromised. Some customers ignore data breach notices. Others read the notices but do not take even a single action to protect themselves. Customers demand more security, protection and privacy, but at the same time they are not willing to make use of privacy-enhancing systems or basic security software.