CIO not the only one to blame for Target breach
Beth Jacob's resignation not surprising, but disappointing, analysts say
Computerworld - That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one of the biggest data compromises in retail history.
Target on Wednesday announced that Beth Jacob, its CIO of more than five years, had resigned. The move comes less than two months after the retail giant disclosed it had suffered a data breach that exposed sensitive data on more than 40 million credit and debit cards.
Later, the company announced that emails, addresses and other information on another 70 million people might also have been exposed as the result of the intrusion, which occurred over the 2013 Thanksgiving weekend.
In a statement to the Associated Press, Target CEO Gregg Steinhafel said the company is searching for an interim CIO to help it through an information security overhaul that began after the breach.
Target is also elevating the role of the CISO and is looking for a chief compliance officer as part of the transformation effort.
Such moves are not that unusual for organizations that have suffered major breaches. In the past few years several CIOs and technology executives have been held similarly accountable for security lapses.
In 2012, the executive director of Utah's Department of Technology Services was forced to resign over a data breach that exposed the Social Security numbers and other personal data of about 280,000 Medicaid recipients. Utah Gov. Gary Herbert cited a lack of "oversight and leadership" in seeking the resignation.
In 2006, Maureen Govern, AOL's chief technology officer, quit her job in the aftermath of a disclosure that the company had publicly released data on searches done by about 650,000 of its online subscribers. Two employees in the company's research division, which was responsible for the release of the data, were let go.
That same year, Ohio University's CIO William Sams resigned from his job and two top IT managers were sacked following a series of data breaches.
Jacob's fate was even more likely given the scope and the nature of the Target compromise.
The breach, which is still under investigation, is sure to cost Target hundreds of millions of dollars in remediation costs, lawsuits, fines and legal fees.
Even so, the development is unfortunate, said Gartner analyst Avivah Litan.
"You almost have to be a superhuman with 25 hours a day to spend on security issues to be an effective large retailer CIO these days. And that simply doesn't exist," Litan said.
It is also surprising that the company that assessed Target's compliance with the Payment Card Industry Data Security Standard is not taking some responsibility, she said. Target suffered the breach despite being certified as being PCI compliant.