The advancement of technology is occurring at a fast pace in the contemporary global era. This has raised concern over the security of data in organizations, particularly in dealing with the customers. Every company is prone to cyber crimes as hackers make efforts to make advancements that align with the current trends. As such, organizations have to be vigilant in the kind of technologies they adopt and also the approaches they establish in their attempts to protect the clients’ information and other critical data that enables the day to day operations of the firm.
The major challenges that organizations face in their attempts to protect organizational data and assets are founded on the fact that cybersecurity is a sophisticated endeavor (Katzan, 2016). While organizations are busy exploring the best technological security devices to install, the hackers are also on a mission to identify software that can outdo the power of various technological devices. Technological advancement is multidimensional and this implies that any improvement that is meant to build also comes with another one that is quite powerful at destroying. Organizations use huge amounts of cash in their attempts to address issues of cybersecurity beforehand. According to Katzan (2016), America spends more than $1 trillion annually in issues of cybersecurity. The notion of protecting individual’s identity and the associated private data also involves costly installation that end up being inconvenient at the time of a cyber attack. Target is an exemplar company in presenting the challenges that an organization is likely to face in the event of a cybercrime. This company had all the necessary security measures but this did not bar the hackers from stealing the customers’ private and critical data of their credit and debit cards. Several customers emerged as victims of a cybercrime that could have been prevented successfully though vigilance and collaboration of the security team.
Delegate your assignment to our experts and they will do the rest.
Target had experienced warning signs before the hackers’ undertakings to steal information contained in their customers’ credit cards. The company’s FireEye software alerted the company of a malicious undertaking on its IT system on November 30, at a time when the hackers were installing a code through which the stolen data would be transferred to the hackers’ system. The FireEye alert read “malware.binary” detected. Other details that contained the addresses of the location where the customers’ data would be received and stored for retrieval by the hackers were also indicated during the alert. More alerts kept streaming as the hackers installed extra versions of the malware. The company’s security personnel, however, ignored these alerts yet the malware could be easily deleted without utilizing sophisticated software but the one that was readily available (Riley, 2014). One blunder that had occurred within the company’s security system is that the company’s security team had disabled the delete function which could have deleted the malwares automatically. Secondly, the security team ignored the addresses that could have directed them to the storage location of the stolen data and this made it possible for the hackers to retrieve the data at pleasure. In this case, the security team depicts lack of collaboration in determining the best approach to cybercrime. McCornell (2011) emphasizes the need for collaboration in preventing occurrences of cybercrime and also defending the company’s information and assets against them.
Target could have ignored the alerts due to a perception that they had a powerful security system that could enable them to handle the situation successfully. Again, the security team could have taken the alert about malwares as any other minor virus that could not cause alarm. As such, they were caught unawares when the hackers managed to steal data of several customers in a span of two weeks. If the company had taken the alerts seriously, they only needed to counteract one action of the hacker and the entire mission could have been disabled, making the customers’ information secure. According to the United States Committee on Commerce, Science, and Transportation (2014), a company needs to disrupt just one step of the hackers’ plans and this disrupts the mission of a cyber attack in entirety. If Target had taken measures to counteract the installation of malwares at the time the software alerted the security team, the hackers could have been barred from continuing with the mission of stealing the customers’ credit card data. Target, however, depicts high levels of leniency in the way the security team interacted with the electronic devices and the security system.
One of the ways through which Target reacted to the breach is by signing into the hackers’ system but the company was too late and found that the data had readily been retrieved by the hackers. The company announced the breach in public on December 19, 2013. After the announcement, some customers noted that their credit cards had readily been used. Other customers had received fraudulent alerts with one family reporting that all the cash in their debit card had been used up and the card had $600 unpaid charges (Riley, 2014). Though Target’s CEO claimed that the customers would not pay for any fraudulent charges, some customers could no longer trust the company and some regretted having been frequent visitors to that store. Though some customers continued being loyal to the company after the public announcement of the breach, many customers felt that Target had compromised the security of their data. There are some customers who did not blame Target but instead blamed the cashiers of the places where the cards were used in a fraudulent manner. This means that Target’s announcement of the breach was effective in restoring the customers’ trust.
In general, Target’s vulnerability to a cyber attack was due to the negligence of the security team. The company had all the appropriate security measures and there were warning signs before the actual occurrence. Target’s security team was lenient in their way of addressing the issues of malware. If they had collaborated to device ways through which to counter the hackers’ plans, they could have succeeded tremendously. The warning alerts contained addresses for the location where the customers’ data was to be stored before retrieval by the hackers. Through the security system that had been installed in the company, the security team could have viewed the information and retrieved it before it got to the pre-planned destinations for use by the hackers. The malwares that contained various codes for use by the hackers could also be deleted immediately after installation. However, the security team did not take the matter with the level of seriousness it deserved. Target’s security systems had cost the company billions of dollars yet it was not utilized in the manner that could have enabled the company to create a powerful reputation in protecting customers’ privacy. What emerged, however, put the company on the defensive line and at a high risk of losing some customers. The company’s security infrastructure was quite powerful. Nevertheless, the company’s security personnel failed in their work to bar the entry and functionality of the malwares. While it could have been impossible to stop the installation of the malwares, disabling their functionality was possible. Target’s security team had, however, disabled the delete function of the company’s security system. The leniency of the team in dealing with malwares further worsened the situation as no one cared to respond to the warning alerts. If any one cared, the delete function could have been restored to enable the eradication of the malwares and their functionality and that could have marked the end of the hackers’ mission.
References
Katzan, H. (2016). Contemporary issues in cybersecurity. Journal of Cybersecurity Research, 1 (1), 1-6.
McCornell, B. (2011). Enabling distributed security in cyberspace: Building a healthy and resilient cyber ecosystem with automated collective action. The Department of Homeland Security. Retrieved from http://www.dhs.gov
Riley, M. (2014, March 17). Missed alarms and 40 million stolen credit card numbers: How Target blew it. Bloomberg. Retrieved from https://www.bloomberg.com
United States Committee on Commerce, Science, and Transportation (2014). A “kill chain” analysis of the 2013 Target data breach. Retrieved from https://www.commerce.senate.gov