Cyber Security in Business

Cyber Security in Business

Strayer College

Info-System and Decision Making

CIS 500

Cyber Security in Business

Challenges Protecting Assets and Information:

Over the years, the development of the traditional business style has evolved into a framework, influenced by globalization, internationalization and technological advanced based businesses. With change comes internal and external risks that threaten the health of an organization. Generally, it is the responsibility of Management to employ an infrastructure that will safeguard the company’s assets as well as its customer’s dependence on a healthy and secure relationship.

Setting protocols that tackle the challenges an organization faces when protecting all inbound and outbound information. Establishing corporate governance through:

Management – By regulating how data is used among its employees. Developing guidelines that follow federal and state laws as well as assuring these rules are enforced and followed.

Optimizing IT Resources – Segregation of networks will allow data to reside in separate sources. This will limit the risk to any vital information which may include company and customer financial data. With different infrastructures, no one person will have access to both systems and the company can maintain control over how the information is processed and disseminated.

Regulatory Protocols – keeping all employees knowledgeable of old and new protocols that the company requires to follow. Providing workshops and documentation of government regulations as a standard requirement, as well as group enforced regulations. Assuring the stakeholders that protecting the assets of the company is a primary concern for the success of the organization.

Cost – It is believed that the cost of a substantial infrastructure or fraud prevention systems is too expensive to implement. The value should not be an issue when involving the protection of a company’s assists. It is an investment to support the business and avoid any future unnecessary cost to the company.

The Red Flag(s) Target ignored:

Through the investigation of state and federal agencies, including the Federal Trade Commission and the SEC; it has been reported that the breach was overlooked “Based on their interpretation and evaluation of that activity, the team determined that it did not warrant immediate follow up (The Associated, P. 2014, pp 4). The security team ignored any actions that seemed to be abnormal and deemed them inconclusive. The results, 40 million credit card records, and 70 million customer records were stolen

The signs were there, but the company failed to take heed to the warnings. First, the installation of malware did not set off any alarms. Recognizing these alerts could have shut any future criminal activity down before it started. An analysis and update of Target’s protection software would be a temporary solution until a more permanent resolution could be put into place. Second, third-party vendor access that did not pass the security process regulations. Failure to follow company protocol is a recipe for disaster. Making sure everyone who will gain access to the company network follows the proper security procedures should have been one of the top priorities for securing vital company information.

Currently, we as consumers put ourselves at risk every day. Companies are also placed with the most significant challenge of protecting their customer’s information from internal and external threats. Staying ahead of trends is not only left to gaining profits and increasing revenue but the patterns of hackers and the several types of risks populating. In the case of Target’s breach, knowledge and experience were not on the side of the company. With hackers being a little more creative in their attempts to violate the companies network they chose to use ordinary activities to successfully penetrate the system. These transactions sparked some triggers but not enough to generate any thoughts of malicious behavior.

In my opinion, it is difficult to say there is a right and wrong answer in this situation. There are always additional factors that are not being reported. With millions of transaction exchanges occurring every day, it is unfortunate the company’s network was breached. The most work a business will endure from these issues is the recovery. Target took a stock loss of 46% following the security breach of their systems. The damage does not include monies spent towards investigations, upgrades and any financial restitution the business will have to pay for the cost the attack produced.

Actions Target Took After Breach:

One of the primary actions the Target Corporation took to rectify the damage is the resignation of Beth Jacob from her position as Chief Information Officer, as well as the Chief Executive Officer, Greg Steinhafel, the first boss of a major corporation to lose his job over a breach of customer data (AP Retail, Writer, 2014, pp 1). Under the new blanket of Management, the organization announced it would accelerate its plan to roll out a chip-based credit card system that will give a more secure infrastructure and prevent any future threats. All continued efforts of recovery will need to be directed to rebuild the trust of the consumer and the stakeholders.

Two years following the breach, the Target corporation had yet to reveal the actions taken to guarantee to another violation will be prevented. Overall, it is estimated that the total cost of recovery is at $162 million. It would be in the best interest of the organization to reevaluate and implement a better system.

Why the Attack on Target?

In conclusion, I feel the attack occurred at the fault of Management and the individuals who oversee the network. Each customer who patronizes a business places their trust into the company to protect their information from harm. It is the role of the company to make sure they are doing everything in its power to keep that information secure. By this, it is within the company’s service to build and maintain an infrastructure which will perform the tasks of securing any data passing through its network. As time progresses, it is essential that the company assures the system is structurally sound to continually perform these tasks and if not upgrade or replace the infrastructure to work accordingly.

A Management team that is educated on the ins and outs of the network system is not always available, but it is their job to employ people with experience and knowledge to know when changes are needed. That person should be aware of signs, whether big or small, that pose questions of concern and act upon them with the same attentiveness as if their own financial information was stolen. Also knowing when to consider that the lifespan of a network today should be cut in half. As a valuable part of good business, only meeting standard requirements is a failure on behalf of any company. These lessons will come too late for the Target Corporation but give other companies a new outlook on the type of threats they must be aware of from here on out.

REFERENCES

AP Retail, W. (2014). Target’s CEO is out in wake of big security breach.

The Associated, P. (2014). Target says it ignored early signs of a data breach.

Turban, E. (2013). Information Technology for Management: Advancing Sustainable, Profitable Business Growth, 9th Edition. [Strayer University Bookshelf]. Retrieved from https://strayer.vitalsource.com/#/books/9781118672761/