Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • IT Management
    • Networking

    Target Aims to Lock Doors to Future Security Breaches

    By
    Sean Michael Kerner
    -
    May 1, 2014
    Share
    Facebook
    Twitter
    Linkedin
      Target Breach

      For the last five months, retail giant Target has had its security practices under a microscope as it has struggled to recover from a devastating data breach at the end of 2013. Now Target has found itself a new CIO and is outlining significant new steps to reinforce its security to help prevent another data breach.

      Target first disclosed on Dec. 19 that approximately 40 million customer accounts were compromised between Nov. 27 and Dec. 15. In January, Target revealed that the scope of the breach was even wider—affecting 70 million consumers.

      One casualty from the data breach was Target’s Chief Information Security Officer Beth Jacob, who resigned March 5. Target has now named a new CIO, Bob DeRodes, who is set to start on the job May 5. DeRodes has had a long career in IT and has been an adviser to the U.S. Department of Justice and the U.S. Department of Homeland Security.

      “Establishing a clear path forward for Target following the data breach has been my top priority,” Gregg Steinhafel, Target chairman, president and chief executive officer, said in a statement. “Bob’s history of leading transformational change positions him well to lead our continued breach responses and guide our long-term digital strategy.”

      Chip and PIN

      One of the primary areas of concern in the Target data breach has been the use of magnetic stripe credit cards. Chip-and-PIN credit cards, widely used outside the United States, have been seen as one possible solution to help limit the risk of future breaches. Target is accelerating its own timeline for adoption of chip and PIN.

      Starting in 2015, Target’s REDcard branded credit and debit cards will include MasterCard’s chip-and-PIN technology.

      “As we aggressively move forward to bring enhanced technology to Target, we believe it is critical that we provide our REDcard guests with the most secure payment product available,” John Mulligan, executive vice president and chief financial officer for Target, said in a statement. “This new initiative satisfies that goal.”

      The Retail Industry Leaders Association (RILA) is applauding Target’s accelerated move to chip-and-PIN technology. “The security features associated with chip-and-PIN technology will reduce the risk of fraud in the United States as they have done around the world where this enhanced fraud-prevention technology has been in place for years,” Sandy Kennedy, president of RILA, said in a statement.

      Improved Security Policies

      Overall, since the data breach occurred, Target has undertaken a number of steps to improve its security. Passwords were reset for 445,000 Target team members and the use of two-factor authentication was expanded.

      One potential weakness in Target’s infrastructure was system access by third-party contractors. A report in February alleged that the attackers in the data breach gained access through Target’s heating, ventilation and air-conditioning (HVAC) vendor.

      Target has now blocked that path to exploitation. Company officials noted in a press release that it has decommissioned vendor access to the server impacted in the breach and disabled select vendor access points.

      Target officials also noted that it has added enhanced monitoring and logging capabilities as well as permission-based whitelists for applications running on its point-of-sale (POS) systems.

      All told, Target is taking multiple steps to prevent another breach from occurring. The practical reality, however, is that the Payment Card Industry Data Security Standard (PCI DSS) likely already has provisions in place for all of the areas that Target is now reinforcing.

      PCI-DSS, however, is just a compliance standard.

      Bob Russo, general manager of the Payment Council Industry Security Standards Council (PCI SSC), said back in February that PCI DSS tells you that you need to put a lock on the door, but the people part of the equation means it’s up to you to actually lock the door.

      Let’s hope that Target is now doing its part to make sure the door is actually locked.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×