What will a CISO do for Target?

Super User

I see Target are now hiring a Chief Information Security Officer (CISO) in the wake of the huge data breach that revealed millions of customers' details (including credit card details) to hackers. (40 million credit and debit card records and 70 million other records with customer details.) I think a lot of us are thinking of that old aphorism about shutting the barn door when the horse has already bolted...

To be sure, having an executive responsible for data security is a good thing, and may ensure that things get done. A laser-like focus on security is essential for a company like Target.

At the least, the new CIO (existing CIO Beth Jacob has resigned) will be glad there's someone else to fire if it all goes wrong again. But things must surely go further than IT. Apparently the costs to the banks of replacing customers' cards already exceed USD 200 Million. (That's for replacing half the cards.) I assume the bill must end up at Target's door eventually. And that's just the start. Fines, lawsuits, etc. may bring the costs up to USD 18 Billion.

See http://stateofthemarkets.com/report/37556/

However deep Target's pockets are, that's going to hurt. I can't see many of the old faces staying in their jobs after that.

I have a lot of sympathy for Target. In the end, every system can be breached. The advantage lies with the attacker. What we can do, what we MUST do, is start to anticipate a breach, and secure our data accordingly, with encryption, tokenisation, and effective key management.

Yes, we have to secure the perimeter, and we have increasingly sophisticated ways of doing that, but prudence dictates we assume a breach some time in the future, and plan accordingly. Then maybe we can save our jobs when that day comes.

Check out some of our security products that might help if you're ever in that situation...

 
