Thursday 30 January 2014

Target. A Series of Unfortunate Events



Source: yahoo.news.com


It started right before the holidays, with Brian Krebs’ first report on a 40 mil. financial data breach at Target stores.  News followed that a further 70 mil. accounts containing personal identifiable information was also compromised during the heist.

From then on the focus was on how  the breach happened, what software was deployed, where did Target go wrong and who should take the best part of the blame. Meanwhile, Target provided customers with a sign up for free credit monitoring and identity theft protection system and announced it will invest $5mil in a brand new cyber security coalition. 

But that’s not the end of the problems for the retailer.

Alongside Target, the retail industry is experiencing a surge in cyber attacks and POS malware. The FBI re-assures us that they are aware of these attacks and they are not likely to stop. Compliance is widely criticised as Target was in fact compliant with the PCI DSS standards and it did nothing to stop these spectacular attacks. 

However the infosec community is looking at the entire story with a shaking head and a look of “I told you so”, because researchers have long stated that compliance does not mean security. Previous incidents at Wall-Mart and Heartland Payment Systems had left an even more embarrassing mark on compliance, as they were certified compliant while their networks were in the process of being hacked.

The implications of these recent hacks are wide and diverse. Banks will tighten their liability policies, payment providers will continue to issue fines for poor cyber security measures, while retailers deal with bad publicity and falling share prices. 
This in turn affects economies and market statutes while the customer is left in the middle with the choice of a week’s worth of hassle for cancelling a compromised card and/or the expense of a lawsuit against the retailer.

It seems that all these industries should take a break from trying to only protect themselves and come together for a long-term cooperation strategy centered around the key player: the consumer.  As it stands every industry is furiously trying to escape the responsibility and pass an already irritated and distrustful victim from one institution to another. 

This may work for the time being, but will only lead to a deeper lack of trust in a flawed system.  There is more to be done to educate, prevent and restore trust, and this will take a cooperative and supportive effort from all the industries if they continue to expect customers to hand over their data. 


3 comments:

  1. This was a really good read. I'm British so I don't really know much about Target but this was a really interesting read none the less. Thanks for sharing it.

    ReplyDelete
  2. Thank you! We are glad you liked it. Hope you'll come back again, as there will be more to follow.

    ReplyDelete
  3. I am very impress to see this blog, this Is such a great article and the tips are very comprehensive. I love your article. network security

    ReplyDelete

Did you find our blog useful? Let us know! We would love to hear your thoughts, opinions and comments regarding any of our blog posts.