Cyber Security in Business Organizations

A security breach in computer systems is a serious occurrence for companies especially
those dealing with financial products. Companies are in constant pressure to stay alert but more
often than not, these companies get trapped in the comfort zone. They assume alarms and when
the threats become real and breaches occur, the companies panic and in the frenzy, they
undertake procedures and corrective actions without thinking them through properly. The end
results is a waste of money and degenerated client trust. Target is one such company
The Fundamental Challenges Faced by Organizations in Ensuring Cyber Security
Protection of valuable data and business information has become a critical issue that
management deals with. The government in the US has identified cyber security as an economic
and national security challenge. Organizations continue to invest on measure to prevent acts by
cybercriminal and also unsatisfied employee who may release sensitive information or carry out
online fraud. The increased rate of online shopping continues to expose organizations to more
risks (Kendler, 2011).
The scope of cyber security is so diverse that is tends to be challenge for most
organizations. The issue of protecting the important assets is so wide that it requires all members
of the organization to be mobilized and be alert. Achieving cyber security requires an
organization carry out a survey to establish what needs protection and why. This search mainly
identifies many assets which are key strategic drivers for the organization. To manage this
protection many skills and resources are required. The problem is too large to be handled
effectively by the IT department alone (Caralli & Wilson, 2004).

CYBER SECURITY IN BUSINESS ORGANIZATIONS 3
The growing trend on connectivity issues requires an organizational be part of a complex
operational environment. This connectivity exposes the organization to operational and technical
risks. As such was the case of Fazio Mechanical Vendor, a third party organization, which the
intruders used in the Target cyber-attack (Riley et al. 2014). The problem is escalated by the fact
that this environment is constantly changing meaning that what may have been considered safe
yesterday may be unsafe today. This requires the system adopted for protection be adequately
sufficient (Caralli & Wilson, 2004).
Another challenge that organizations face in ensuring cyber security is on information
resilience. Most information assets are known to undergo a lifecycle with different stages such as
creation, processing, storage, dissemination and destruction. At each of these stages, the risk for
a cyber-attack is different and this requires a different procedure to offer the required protection.
The transition between these stages also offers points of weakness. Furthermore, during these
stages different people and technologies are involved which increases their vulnerability to a
cyber-attack (Mehravari, 2014).

Actions Taken by Target and their Efficiency

Target’s CEO mentioned that the company was conducting an end to end audit of the
major components of the company; its people, technology and processes. The statement was
made immediately after the security breach. According to Cavoukian & Hamilton (2002),
customers’ (important stakeholders) privacy is of great concern to them and it defines the level
of engagement they (customers) are willing to go with the company in question. In this regard,
the privacy of Target’s clients was compromised and evidence from the case indicate that there
was related financial loss on the part of the clients. As a consequent, trust with the company

CYBER SECURITY IN BUSINESS ORGANIZATIONS 4
nosedived. Evidence? The company’s stocks remained unchanged even after the company
invested $100 million in security systems. The corrective action was first, engaging in a public
relations campaign, and then investing in security systems. These two actions were not effective
at least in the short run.
Target set aside a $61 million war chest to respond to the attack. Some of the money was
spent on setting up a customer response center and also in paying for fraudulent payments that
were a consequence of the breach. The $61 million activity was an attempt to restore the fast
fading client trust. According to the company, the immediate Thanksgiving holiday made a
record 46% loss as compared to the previous year. As if not enough, the period’s performance
was the worst since the company got listed in 2008. As an evaluation of the company’s
efficiency in responding to the breach, it boils down to a wasted $61 million since there was loss
incurred without any signs of reprieve from the said action.
The company’s investigators went in hot pursuit of the hackers. The investigators were
interested in finding the paths and dump sites that the hackers could have used. The action was
done despite the fact that the company was aware of breaches before and when they actually
happened. The action was futile. First, the action of pursuing the hackers after the breach fell on
the authorities as the breach was a criminal activity. Second, the breach involved other
jurisdictions making the actions of the company insignificant. Consequently, after the authorities
stepped in, only one suspect was apprehended. A tragic ending.
Conclusion

The cyber-attack on Target would have been avoided had all the responsible parties acted
accordingly. The computer security, FireEye, which had been contracted to install a malware

CYBER SECURITY IN BUSINESS ORGANIZATIONS 5
detection tool, did its part and alerted the Target at Minneapolis stating an urgent threat had been
detected (Riley et al. 2014). Failure of the security team at Minneapolis to act was among the
major reason why the intruders succeeded. There also existed a cold relation with the newly
contracted security company, FireEye, and it may still have been viewed with skepticism.
Target internal protection measures had a tool that was sufficient to automatically detect
and block malware, but in this particular case, it was turned off. This required the security team
to up on their game of detecting any threat which they obviously did not. The third party
vendors, Faizo Mechanical Services, provided a loophole for the intruders to access the system
and steal the data. This proved that the firewall created in the Target’s system to segment the
network, was porous and thus the hacker was able to gain access.
The hackers were able to successfully siphon forty million credit cards among other
sensitive data for Targets system due to the failure of the management to act. The case shows a
lot of negligent act by the management and failure to be vigilant. The management seemed to
have taken a relaxed mood just because their organization was certified as being in line with the
payment card industry requirements.

CYBER SECURITY IN BUSINESS ORGANIZATIONS 6
References

Caralli, R., & Wilson, W. R. (2004). The Challenges of Security Management.
Cavoukian, A., & Hamilton, T. J. (2002). Privacy Payoff. New York: NYC. McGraw-Hill
Ryerson.
Kendler, P. B. (2011). Retail Information Security Challenges: Protecting Customers while
Enabling New Technology and Improving the Bottom Line. Wall Street and Technology.
Mehravari, N. (2014). Information Resilience in Today’s High Risk Information Economy.
Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed Alarms and 40 Million Stolen
Cards Numbers: How Target Blew It. Retrieved from http://www.bloomberg.com