Because to technological innovation, the majority of organizations have embraced the use of technology to power the business processes and units over the years. Due to ongoing advancements in technology creation, using it in numerous ways has reduced the cost of doing business. Yet, this has presented some difficulties for businesses seeking to keep up with technology. Organizations have frequently lost billions of dollars in addition to assets as a result of fraudsters operating covertly and defrauding them using the same technology. The major target of cyber attackers are companies that have online payment platforms for their clients with transaction running into millions of dollars annually (Weiss & Miller, 2015). The increased technological uptake in many organizations can be both an opportunity and a risk in an equal measure. Technology comes along with cyber security issues. This paper discusses the cyber security in business organizations concerning the Missed Alarms and 40 million stolen credit card numbers article.
Fundamental challenges that organizations face regarding protecting organizational assets and information
In the case of Missed Alarms and 40 million stolen credit card numbers, malware was installed on the system of payment in Targets TGT Security payments, days to Thanksgiving in 2013. The aim being that credit card used in the process of making payments across the company stores to be siphoned through the malware, across the company's 1797 stores drawn across the United States (Riley, Elgin, Lawrence & Matlack, 2014). This was a well-crafted idea that, if it would have been executed to the end would have defrauded the company millions of dollars. Cyber security threats such as the installation of malware on computers have often caused organizations to lose money and data. For example in the above case, the installation of malware such as Fireball, which is a Chinese malware attacked over 250 million computers across the world (Riley, Elgin, Lawrence & Matlack, 2014). This ensured that the companies whose computers were attacked were rendered useless and in the process, the companies lost data through turning the computers into zombies. This is done through infecting codes, thus making the hackers to be able to steal login credentials, creating unnecessary duplicate software that makes the computer to be unsafe. Since most companies store their data on such equipment, the hackers are easily in a position to manipulate the data to their advantage.
Red flags that Target overlooked before the retail attack
The two red flags ignored by Target include inadequate training of their personnel and lack turning off the function that would automatically delete a malware that has been detected in the system. The investment in the cyber security strategy had cost the organization about $1.6 million (Riley, Elgin, Lawrence & Matlack, 2014). The massive investment needed to ensure that their staff members, both IT and the non-technical staff have the knowledge of detecting if there is any cyber-attack in the system or if there is need to advance response to online systems of the company. Adequate training of staff is crucial in enhancing the security of the IT infrastructure that has been installed by an organization. Employees need to be trained on how they ought to deal with critical data if clients and developing the required level of competency of operating the system. Regular awareness training is fundamental on the development of necessary skill.
According to the audit report of the FireEye's performance, the function of would have automatically deleted the malware was deliberately switched off by some staff of Target. Such affirms the lack of regular monitoring of the security features of the system and inability to review the security standards of the computer system installed by the organization. The malware had the ability to record the credit card numbers, personal details such as names, phone numbers and physical addresses of Target's clients (Weiss & Miller, 2015). Such created a loophole for siphoning off money from the accounts of Target's customers. Lack of a monitoring system for the IT software is crucial in ensuring that any attempted attack on the IT infrastructure is repelled. Additionally, informing the company of the intrusion of the malware ought to have necessitated the IT staff of Target to estimate the malware and reset the society system besides enhancing the security of the entire IT systems of the target.
Central actions that Target took after the breach
The principal activity is the installation of a new system that has advanced security features such as chip and pin that would protect any attempted breach into the system of the organization. The second action is the installation of a new system that would overrule the existent system. The new system that the organization intends to install in its operations is likely to cost $100 million and would include new branded debit and credit cards to be issued to the clients (Riley, Elgin, Lawrence & Matlack, 2014). The third action is the assurance of customers on how the organization has undertaken steps to protect the critical data of their customers including offering compensation for the losses that have been incurred. The decisions that have been taken by the organization have the potential of reducing the profit margins earned by the organization. The other activities undertaken by Target is to provide one-year free credit monitoring in all their shops in the United States to instill confidence in the efficacy of their new system.
Main reason why the Target Breach occurred
The Target breach can be accredited to the inability of management to act accordingly and poor infrastructure. Good IT infrastructure needs to ensure that it detects any form of malware and lays measures that can be put in place to exterminate the malware attack. Turning off the function that could automatically disable the malware is evidence of the poor infrastructure that was established by the company (Weiss & Miller, 2015). Additionally, lack of goodwill from the management to act accordingly to the likely attacks further affirms the lack of preparedness by the management. The management needed to ensure that the employees are properly trained, and the system is regularly monitored to prevent the likelihood of a cyber-attack.
Conclusion
The cyber-attack to Target's system is known to have emanated from a third party. However, the lack of adequate action and goodwill from the management and poor infrastructure contribute to the losses that were incurred by the company. The lawsuit that was filed by Target's clients is likely to lead to billions of losses and negative reputation of the enterprise. In the recommendation, a company needs to ensure that its IT system can detect any malware and can exterminate the malware (Trautman, Triche & Wetherbe, 2013). Additionally, there is need to ensure that any attempted malware attack is reported to the management and steps undertaken to protect the system including the installation of latest firewalls.
Reference
Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. BloombergBusinessWeekTechnology.
Trautman, L. J., Triche, J., & Wetherbe, J. C. (2013). Corporate information technology governance under fire.
Weiss, N. E., & Miller, R. S. (2015). The target and other financial data breaches: Frequently asked questions. Congressional Research Service.
