CIO not the only one to blame for Target breach
Beth Jacob's resignation not surprising, but disappointing analysts say
Computerworld - That someone had to take the fall for the massive breach at Target is neither surprising nor unexpected. The only question is whether more heads will roll in the aftermath of one the biggest data compromises in retail history.
Target on Wednesday announced that Beth Jacob, its CIO of more than five years, had resigned. The move comes less than two months after the retail giant disclosed it had suffered a data breach that exposed sensitive data on more than 40 million credit and debit cards.
Later, the company announced that emails, addresses and other information on another 70 million people might also have been exposed as the result of the intrusion, which occurred over the 2013 Thanksgiving weekend.
In a statement to the Associated Press, Target CEO Gregg Steinhafel said the company is searching for an interim CIO to help it through an information security overhaul that began after the breach.
Target is also elevating the role of the CISO and is looking for a chief compliance officer as part of the transformation effort.
Such moves are not that unusual for organizations that have suffered major breaches. In the past few years several CIOs and technology executives have been held similarly accountable for security lapses.
In 2012, the executive director of Utah's Department of Technology Services was forced to resign over a data breach that exposed the Social Security numbers and other personal data of about 280,000 Medicaid recipients. Utah Gov. Gary Herbert cited a lack of "oversight and leadership" in seeking the resignation.
In 2006, Maureen Govern, AOL's chief technology officer, quit her job in the aftermath of a disclosure that the company had publicly released data on searches done by about 650,000 of its online subscribers. Two employees in the company's research division, which was responsible for the release of the data, were let go.
That same year, Ohio University's CIO William Sams resigned from his job and two top IT managers were sacked following a series of data breaches.
Jacob's fate was even more likely given the scope and the nature of the Target compromise.
The breach, which is still under investigation, is sure to cost Target hundreds of millions of dollars in remediation costs, lawsuits, fines and legal fees.
Even so, the development is unfortunate, said Gartner analyst Avivah Litan.
"You almost have to be a superhuman with 25 hours a day to spend on security issues to be an effective large retailer CIO these days. And that simply doesn't exist," Litan said.
It is also surprising that the company that assessed Target's compliance with the Payment Card Industry Data Security Standard is not taking some responsibility, she said. Target suffered the breach despite being certified as being PCI compliant.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!