What Walmart Learned From the Target Data Breach
Walmart CIO Karenann Terrell offers provocative comments about retail security and what the Target data breach taught the industry.LAS VEGAS—The Target data breach in 2013 sent shock waves through the retail industry that reached all the way to Walmart, the world's largest retailer. In a keynote speech on April 28 at the InformationWeek Conference, co-located with the Interop conference here, Walmart CIO Karenann Terrell (pictured) answered a question from the audience about the impact of the Target breach. "What Target taught the entire industry was that you can't have any single point of failure," Terrell said. The ability to protect against every single potential breach vector is zero; that's why layered security with a hard, crusty exterior protection layer is needed on each individual component, including infrastructure, data and applications, Terrell said. As part of a layered approach to security, analytics and data that tracks what is happening on a network from a threat-vector perspective is needed, she said, adding that it's also important to watch the movement of data across an organization to see what happens. Before the Target breach, Walmart knew about the need for multi-layered defensive strategy.
"We have multiple businesses, and in some areas, we look more like a bank than a retailer," Terrell said. "So what we learned is that single points of failure anywhere can have really drastic effects, and the ability for an attack to go undetected for a period of time, just exponentially increases the damage that can occur."