The board of directors of Target have removed Gregg Steinhafel as chairman and chief executive some six months after the major breach was reported.
According to Reuters, Target said that it wants new leadership to help restore consumer confidence in the retailer after the data breach affected around 70 million customers. A 35-year veteran of the company, Steinhafel had been CEO since 2008 and is now replaced him with Chief Financial Officer John Mulligan as interim CEO, whom Target said had played a key role in the recovery efforts.
Mulligan had been known for publicly apologising to affected customers, while CIO Beth Jacob resigned in March. Both Target and its managed security service provider had faced legal challenges from banks over the breach, although these were dismissed soon after by the banks.
Craig Carpenter, CMO and cyber security strategist at AccessData comments, “Where Target fell down was not with its defensive measures, which actually detected the breach within a day of the first compromise. However, Target’s security team was unable to separate the real alarms from the noise and respond quickly and effectively to genuine cyber attacks.
“Cyber threats are so pervasive and so damaging to any corporate brand that incident response needs to become a board-level matter. Cyber attacks are not isolated events; organisations are being hit again and again. C-level executives cannot afford not to know what’s going on.”
Mark Bower, vice president of product management and solution architecture, Voltage Security, said: “The changes at Target are a bellwether for any C-level executive in enterprises that drive their business from valuable, sensitive data such as customer data.
“It’s not a case of bringing in the malware ‘bomb-squads’ or ‘search parties’ either – by then it’s too late. Today’s CISOs need to neutralise the data to attack, so when the weapons are unleashed on data processing systems, they steal nothing of value – only worthless junk. With today’s data-centric security, enterprises can do exactly that, while still powering the business at full speed – a powerful win-win situation, except for the attackers.”
Kyle F. Kennedy, CTO, STEALTHbits Technologies, said: “A data breach of any magnitude can’t just be measured on the customers that were impacted; data breach analysis must include the impact to the company’s brand and most importantly consumer confidence in that brand going forward. Five months post data breach and Target’s financial numbers are still declining with lower consumer confidence a key trait to why those financial numbers keep falling.
“Protecting Sensitive Data is absolutely critical to any organisation no matter how large or small that organization may be. I just hope all the CIOs, CISOs, CTOs, CSOs, and CEOs reading various media outlets about Target’s CEO resigning learn from the Target data breach and why it is imperative to have technologies that discover, prioritise, identify, remediate and secure sensitive data within their enterprise.”