Reflection post

In the previous post, we have seen how Target was a victim of cyberattack, which resulted in exposing personal and credit card information of approximately 110 million of their customers, (Cyber Breach at Target, accessed 9 August 2023). Target was using a monitoring software (FireEye) to detect the intrusion and it alerted the NOC team in Bangalore, India. Bangalore team in turn alerted their counterparts in Minneapolis but unfortunately no action was taken to mitigate the problem, (Target Security BREACH, accessed 9 August 2023). This raises a question whether their approach for security design was sufficient and efficient; obviously not, since they failed in the first step of defining security requirements which is protecting customer sensitive data (credit card information). The consequences of this attack were costly to Target in terms of reputation and financial loss, (Cyber Breach at Target, accessed 9 August 2023). companies like Target should invest more in cybersecurity to enhance customer experience by protecting their sensitive assets and being online to serve their customers. Possible counter measures that could have been done are:

  • Since Target is a retail store, defining security requirements should be around protecting customer data and preventing denial of service attacks to be able to serve online customers.
  • Defining clear incident management process for employees to follow and understand the escalation path and right person to contact in case of issues. In this context, threat risk assessment would be useful to prioritize and classify security measures and allocate resources as required
  • Conducting penetration tests to assess vulnerabilities.
  • Having latest software updates and patches on all IT systems, since vendors always release patches and hotfixes that address security related bugs.
  • Training employees on security awareness, its important to have the right resources with adequate skills monitoring and reporting any security breach.

In this digital era, organizations use technology for their daily operations.Hence, understanding business context and security requirements are vital in having the best approach to security design.Moreover, Howard M. & LeBlanc. D. (2003) highlight the importance of design, coding,testing, and documentation for delivering secure systems.In this conext,it’s imperative that organizations like Target adopt a disciplined process that incorporates these aspects to protect their assets from adversaries.

Reference:

  • Target Security BREACH, 2017, online available at: https://medium.com/@cruisecoders./case-study-target-security-breach-3803d2182c91; (accessed 9 August 2023).
  • Howard M. & LeBlanc. D. (2003) Writing Secure Code. 2nd ed. Microsoft Press