Cyber Security Organizations: A Focus on Target The assets and information of an organization must be protected all the time from unauthorized persons. Organization leaders have given the security of information and assets highest priority including investing in infrastructure that shields them from the potential breach. Companies are adopting digital security options that require frequent updates. The duty of the management is to safeguard the digital structure with the latest updates. However, there are fundamental challenges that organizations will face in the process of protecting organizational assets and information. One of the notable companies that have been affected in the recent past is Target.
The cyber-attack caught the company unawares, but hard lessons were learnt from the breach. The company also took actions after the cyber-attack and focused primarily on the infrastructures of an organization. An evaluation of the company reasons for the attack and the efficiency of the management installation of measures to prevent the retail store from attack are vital. Fundamental Challenges That Organizations Face In Asset and Information Protection Organizations must ensure that that they do not disrupt top operations and growth.
Organizations are concerned with steering primary operations on a daily basis (Kim & Solomon, 2012). Organizations that have cyber-based infrastructure are tasked with protecting the information assets from misuse, infiltration, and theft. Safeguarding the intellectual property and vital business information without upsetting the economic structures within and outside the company is essential. Firms must also deal with internal problems that relate to disgruntled employees (McCumber, 2005). Employees can form alliances with the people who have vested interests with the assets and information regarding products and services.
Workers can release sensitive information without the company knowing and upset the way operations are handled. Intellectual property has created a new form of competition, and rival firms would employ all the tactics to stay ahead in the game and counter the rival innovations. Organizational duty entails putting in measures within the company that would require strict protocol to access sensitive information. Cyber security has become a bigger issue for organizations (Kim & Solomon, 2012). Companies that deal with sensitive information such as credit and debit cards are tasked with strengthening their security capabilities identify, reduce, and eliminate security risks.
Coming up with mitigation strategies that are up to date is calling for a large investment of funds in the IT department alone. Robust technologies are essential, and initiatives that address cyber-attacks differ with the perimeter of an organization. Migrating online has its merits and demerits, and it has become one of the greatest fundamental challenges in the corporate environment. Target was involved in a recent cyber-attack that was carried out in two stages and raised red flags. The compromise of the retail giant resulted in a leak of millions of credit and debit card information.
Red Flags That Target Overlooked In the Retail Cyber Attack Target did not act on the escape route plan executed by the hackers on November 30th (Riley, Elgin, Lawrence & Matlack, 2014). Target had employed FireEye to detect any malware infiltration. The team of cyber security specialists in Bangalore monitored the systems and discovered the staging points used by the Russian-based hackers to hide their tracks. FireEye spotted the routes and notified the security team in Minneapolis.
The hackers were quick to set traps and staging points around United States in a bid to prevent their storage servers in Russia from detection. The target would have utilized the chance to eliminate the infiltration to the servers that stored credit and debit card information. Target thought that meeting the payment card industry (PCI) industry was enough. The certification could not prevent the data breach that followed. According to Riley, Elgin, Lawrence & Matlack (2014) an overhaul of the entire system was important the moment Bangalore team informed Minneapolis security team.
The impending breach in the mainframes of Target retail stores would have been avoided. The transformation would have fastened the structures in the company and help to catch the hackers based in Russia. Another version of Exfiltration malware was installed on December 2, but Target did not act on the alert. FireEye systems and the Bangalore monitoring had done their job and ensured that Target was notified in time. Customers wondered why the company dismissed the alerts despite putting millions of credit and debit cards at risk. The mitigation plan would have initiated a manhunt for the hackers (Fadilpašić, 2015).
Main Actions That Target Took After the Attack Gregg Steinhafel revealed that the company conducted an end-to-end review of the employees (Riley, Elgin, Lawrence & Matlack, 2014). All employees and security teams involved in handling phone numbers, credit, and debit card information for millions of customers within and outside United States conducted the review. The company conducted the review to know the technology and processes to comprehend the potential points that led to the breach and help to improve data security.
The company was destined to learn from the cyber-attack saga that led to the loss of at least $4million. The reviews would help companies create a segregated structure that would limit the breaches. The company also overhauled the information security structure (Fadilpašić, 2015). The process was destined to safeguard accounts for the millions of customers who were affected by the breach. The company had adhered to the PCI certification call for improvement of security standards. Additionally, the improvement also paved the way for the quick transition to chip-enabled cards.
The transition was initiated amidst investigations to hunt the hackers. Chip-enabled cards are secure and are approved by companies such as MasterCard and Visa. An overhaul of the security system would create room for implementation of a network that limits the number of employees and vendors logging in the Targets account. The investigation was necessary because Target wanted to establish and speculate the real cause of the breach. The company fast-tracked the process to protect the customers affected in the retail attack. The company was ready to deal with lawsuits filed by the customers.
The investigation allowed the company to ascertain if the insurance companies would pay for the damages caused and help to fight negligence and compensatory damages. A response to the breach averaged $61million that company would have prevented (Riley, Elgin, Lawrence & Matlack, 2014. The investigation can help to restore investor’s confidence and guarantee customers that their bank accounts are safe. The process of investigation would initiate strategies that can safeguard future transactions. Investigations reinforce the system overhaul processes that have been employed by Target alongside other vulnerable retailers in United States.
Conclusion Target did not heed to the signs given by the Bangalore security team. The installation of FireEye was irrelevant and the certification process to match the standards of PCI could not help either. The company has a team in Minneapolis whose job was to act immediately a red flag was raised concerning malware attacks in the mainframes (Krebsonsecurity. com, 2015). The company has millions of account in its servers, and it was its top duty to prevent and eliminate the malware the moment the signs were detected a few times before the attack was launched.
The hackers got a leeway when they launched decoy staging points, and the company failed to monitor and pin them down. Developing a team of investigation, and the decision to overhaul the system was wise but it was not a timely remedy for the damage that had affected retailing customers in 1097 stores in United States. The cyber-attack occurred due to the inability of the management to act accordingly. Target had invested in a pricey detection tool that is also utilized by CIA and Pentagon (Krebsonsecurity. com, 2015).
Therefore, the company had a watertight infrastructure that could detect malware immediately the hackers launched the malware. The Minneapolis security team was to blame for the damages caused. The company hoped that it would redeem itself from the damages amidst 90 lawsuits across United States. Retailers learnt their lessons and initiated approaches that would keep hackers at bay. References FadilpaÅ¡iÄ‡, S. (2015). The cyberattack on Target cost the retailer Â£100 million | ITProPortal. com. ITProPortal. Retrieved from http: //www. itproportal. com/2015/02/26/target-reveals-true-cost-2013-cyber-attack/ Kim, D., & Solomon, M. (2012).
Fundamentals of information systems security. Sudbury, Mass. : Jones & Bartlett Learning. Krebsonsecurity. com, . (2015). target data breach â€” Krebs on Security. Retrieved from http: //krebsonsecurity. com/tag/target-data-breach/ McCumber, J. (2005). Assessing and managing security risk in IT systems. Boca Raton, Fla. : Auerbach Publications. Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Businessweek. com. Retrieved from http: //www. bloomberg. com/bw/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data#p1