05-06-14 | Blog Post
Co-CEO Yan Ness has a saying that Online Tech is “in the business of helping our clients sleep at night.” Primarily, he’s speaking of organizations not losing sleep worrying about compliance and data security. But at the C-suite level, more and more, protecting data privacy also means protecting careers.
On Monday, Target president and CEO Gregg Steinhafel resigned after 35 years with the company. According to a statement from the company’s board of directors, Steinhafel “held himself personally accountable” for the massive data breach Target experienced late last year. Target CIO Beth Jacob also resigned following the breach, which compromised up to 110 million customer records and cost the company $17 million in breach-related expenses and a significant blow to its reputation.
An Associated Press story claims Steinhafel is the first CEO of a major corporation to lose his job because of a data breach, “showing how responsibility for computer security now reaches right to the top.”
Research released on the day of Steinhafel’s resignation offers a glimpse into the severity of data breaches for companies: The Ponemon Institute’s annual Cost of Data Breach Study indicates U.S. companies that suffered a data breach in 2013 lost an average of $5.4 million. That’s a 9-percent increase from 2012 and an average of $201 per record lost.
To help it fight cybercrime, Target recently hired Bob DeRodes – a security expert who has worked with the U.S. Department of Homeland Security and the Department of Defense – as its new CIO. If that kind of hire is not in your organization’s budget, contracting with an experienced infosec professional can put solid security requirements in place at the design phase and clean up those that made it to production environments. Alternatively, outsource IT infrastructure to a company dedicated to security and compliance that will maintain your patches, monitoring, and other cybersecurity safeguards and best practices so you can focus your resources just on what your own organization needs to do to improve security.
What else can a company or organization do to protect against the threat of an attack on their systems? Layer up with security and create a comprehensive defense in depth solution that ties together log and file monitoring, two-factor authentication, patch management, vulnerability scanning and other technical security tools that can potentially detect and prevent a data breach of proprietary or sensitive data.
Weigh the cost-benefit analysis of preventative IT and the potential cost per record of a data breach in your respective industry – a little bit of good security can go a long way.
Related reading:
White paper: PCI Compliant Clouds
White paper: Encryption of Cloud Data
Resources:
Associated Press: Target’s CEO first major corp boss to lose job in customer data breach
Network World: Data breaches 9% more costly in 2013 than year before
InfoSecurity: Target appoints new CIO, adds chip and PIN to payment cards
