CIOs: Are CFOs Lax with Security?
CFOs Don’t Want to Get It When It Comes to Risk and Security…Until It’s Too Late.
Target’s CFO should be embarrassed. Target is investing $100 million to upgrade to a more advanced credit card system following the massive hack of customer data, its chief financial officer told U.S. Senators Tuesday. Testifying before the Senate Judiciary Committee, Target CFO John Mulligan gave a more detailed account of the holiday season hack that has exposed personal or financial data of nearly a third of U.S. adults.
$100 million to upgrade credit card systems?
We already noted that Chip and PIN isn’t the answer. Fraud losses on UK cards with this technology totaled £610m (a little more than $1 billion U.S. dollars) in 2008, a peak year for fraud. Obviously, this is a knee-jerk reaction to what they’ve gone through. Will it help? Of course. Did he need to spend that? Not even close. But hey, it’s only the shareholders’ money, not his. At least he can now say he’s doing something.
Is he going to lose his job for costing the company over a couple billion dollars in losses?
According to Ponemon estimates (PDF), the breach will cost Target over $2 Billion. That’s Billion with a capital B! CFO to get fired? Naw, his bonus will probably go up. And what a tough position. He probably couldn’t spell security before the incident, but had to testify before Congress about what they’re going to do…talk about your crash courses. He makes a bold statement when he says, “We will learn from this incident.” Ya think?
Companies, on average, still not doing the right things—unless they’re forced to
California Senator Dianne Feinstein stated that public notification of major data breaches is currently "vague (and) nonspecific," and firms can often get away without making disclosures. We see this all of the time.
These executives at Target got caught with their pants down, and with the size of the breach so large, they had no way of pulling them up. They had to stand there and take it in the shorts. Others typically don’t have such a large breach of information, and thus don’t disclose that their customers’ (or as Target calls them, “guests”) information was stolen. Dishonest? Yes. Lucky? Absolutely. If the buck stops with the CFO, they're in a sorry state of accountability.
Published by InfosecIsland.com