5. Was this cybersecurity incident foreseeable? Was it avoidable? 6. Why might m

Question

5. Was this cybersecurity incident foreseeable? Was it avoidable?

6. Why might management not treat cyberthreats as a top priority?

7. Research recent news concerning this data breach. Has Target recovered from it? Explain.

Black Pos Malware steals Target's customer Data Data Breach Company Profile Hackers installed malware, 2nd gest retail dincounterin he probably bought from a mnal 40 2013 profit dropped 46 and POS terminals to capture data sales revenue fell 5.3% ahnr from credit and debit cards and transmit back to the hackets Extent of the Breach and Costs Personal and financial data from up to 70 million customers slolen igure 5.1 Target data Epimated breach to cost from $400 million to Target is a major discount retailer in the United States (Figure 5.1). Targets agement admitted that 40 million credit and debit card accounts were eposed between November 27 and December 15,2013. During that peak holiday shopping season, hackers captured credit card data from the stores' point-of-sale (POS payment terminals (Figure 5.2) the Target disclosed the breach on December 19, 2013. then on January 10,3 retailer also reported that hackers stole 40 million credit card numbers alang with the personal information of another 70 million customers The incident scael shoppers away affecting the company's profits throughout 2014. HOW THE ATTACK Several experts believe that POS malware bought from the criminal undergosai whose code for malicious are computer program Black POS causes disruption, destruction, or other devious action Malware named tised on is sold on the black market for or more. The malware is Internet underground lorums WAS CARRIED OUT name Dump Maman installed on POs devices is

Explanation / Answer

5. Yes, it was foreseeable. There were several warnings both from inside and outside the company months before the attack, indicating new types of malware aiming payment terminals. It may have been preventable, had the warnings been observed. At the time of the warning, target was updating the payment terminals in preparation for the holiday season, making them more vulnerable to attack. Maybe correct investments in data security could have prevented the attack.

6. Cost probable is a principal contributor, as target expected that technological changes to harden its IT security would cost more than $100 million. The lack of security might have been a result of underinvestment by senior management. As numerous security warnings are received by retailers every week, it is hard to recognize or choose which ones are the most urgent. Also, they may have become satisfied in responding to the many warnings.

7. Although the impact continued to have effect during 2014, Target indicated that sales trends were improving.

8. The message is that data security must be a first priority, well worth the investments required. Senior management must consider not only the financial impact to their companies and stockholders and the impact on customers, but the likely impact on their own jobs for not making data security a top priority.

Related Questions

Navigate

• Browse (All)
• Browse 5
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.