The exit of Target's top executive is a cautionary tale to other CEOs about the critical nature of information security today.
May 9, 2014
By Daryl Cornell
CEO, Triton Systems
That sound you just heard was an explosion in the corner office, as Gregg Steinhafel, CEO of Target, was unceremoniously ushered out after 35 years of loyal service.
While weakening sales and a painful foray into Canada likely hurt Steinhafel, it was the 2013 Target data breach, which exposed the personal information of 70 million customers and more than 40 million debit and credit cards, that sealed his fate.
You can be sure that CEOs and executives everywhere are paying close attention to a number of key takeaways from the Steinhafel sacking, including:
The best defense is a good offense. Look for a surge in demand for chief information security officers and related consulting.
The days of having a CIO handle both information technology and data risk duties are over. Information security at companies of all sizes is now a full-time job, as hackers grow increasingly bold in compromising financial and personal data.
Alongside the CISO role, look for the addition of a chief compliance officer, as companies must now document their compliance with myriad rules, regulations and policies, both to increase security and to use as a defense in court if needed.
In addition to prevention, a well-advertised and well-funded commitment to data security might help CEOs avoid Steinhafel's fate.
A wait-and-see strategy is extremely risky. One of the most interesting parts of the Target story is that Target was a very early mover, offering smart chip technology on its REDcards in 2003. After a three-year effort to deploy the cards, the experiment was abandoned as being too expensive.
In addition, no other large retailers showed any interest in the technology, leaving Target as an outlier. How ironic then that it was the (nearly) early adopter that was so famously hacked, costing the company billions and the CEO his job.
More than a decade later, Target has announced that all branded and co-branded debit and credit cards will be reissued in 2015 with smart chip technology, and all POS terminals upgraded.
This $100 million initiative looks expensive until you compare it to the estimated billions in lost sales directly attributed to the breach. You can be sure that CEOs at companies of all sizes will be flocking not only to chip and PIN, but also to other technologies as newly converted early adopters.
Information security is both dynamic and accelerating. In the case of Target, the infamous breach occurred via a vendor and not as the result of a direct attack on company servers.
Hackers have become increasingly sophisticated and brazen in their attacks. Realizing that it is the smaller companies without deep pockets or IT sophistication that are most vulnerable, criminals are now using these vendors and customers as a Trojan Horse to breach the larger, more sophisticated companies.
The message here is to expect the unexpected when it comes to data security. For CEOs today, the price of failure is steep.
In a nation of second acts, we hope that Mr. Steinhafel finds a satisfying and lucrative encore. In the interim, a warning shot across the bow has been fired and CEOs and executives in companies of all sizes would be wise to pay heed.
This article has been republished from the Triton Systems blog, atmAToM, with kind permission from Triton.
Photo: Martin Taylor