Resignation of Target CEO following data breach shows growing importance of security

The first CEO to resign over a data breach is a symptom of the increasing importance of information security in business.

Gregg Steinhafel, CEO of $40bn retail behemoth Target, was forced to step down on Monday, following a raid by hackers on consumer information.

Vice-president of RSA — EMC’s security division — Brian Fitzgerald believes companies have to realise that data risk is now as important as financial risk.

“This is the first time a high-level CEO, to my knowledge, has actually been forced to resign or step down due to an IT breach, but you can guarantee that will put a lot of people on notice that this is something that, at the highest business level, people have to treat as a existential business risk,” he said.

The problem with managing risk is that, as the internet increasingly connects devices, people, and companies in different ways, it has become almost impossible to manage. The connections between companies and who has access to which networks are constantly changing. Mr Fitzgerald described the connections as organic and constantly evolving. Even the biggest firms in the world have been hit through weak points.

“If you look at some of the big retail credit card thefts, the target was attacked through the air conditioning supplier.

“It was connected to their network; you have a big target that is well protected so they look around for who already has a network connection to that target. It’s like the exhaust vent in the Death Star,” he said.

The complexity means companies who never thought that they would be targets for attacks have found themselves on the front line. RSA recently came under attack from the Syrian Rebels internet faction, the Syrian Electronic Army, who tried to attack them through a small website analytics company.

“You will still see nation-state style of attacks, but you will see them directed at more and more kinds of people who never thought they were going to be targeted by a nation state,” he said.

There is very little a firm can do to stop attacks, but once it happens they must know how to react. RSA is using artificial intelligence and big data systems that learn when and where an attack is taking place.

Despite efforts to minimise risk, he doesn’t think it will be possible to completely eliminate the threat of attacks, saying “the web is incredibly fragile and incredibly resilient at the same time”.

However, he says any bid to regulate interactions and minimise connectivity between networks would cost more than it would save.

“You are going to have to accept the fragility to get the potential values. If you tried to manage it too closely and dictate the way that the web could grow you would probably reduce the fragility a little bit, but you would reduce the up side a lot.”

© Irish Examiner Ltd. All rights reserved

More in this Section

European travel stocks drop on US warning of 'increased terrorist threats'

Competition and Consumer Protection Commission contests email seizure at Irish Cement Ltd

Dublin-based Greencore expects US profit increase following 'food-to-go' policy success

Securing Whitegate Refinery's future ‘highly desirable’ for Ireland's energy security and economic prospects

You might also like

Breaking Stories

Li-Fi: the light-based alternative to Wi-Fi is found to be 100 times faster

Betfair earnings increase ahead of Paddy Power merger

Drones to patrol beaches in Australia looking for sharks

Samsung's new TV advert perfectly captures the madness of Black Friday


Gay Byrne was a canny operator who allowed women be heard

Shopping for classic clothes with vintage queen extraordinaire Irene O’Brien

Johnny Depp is looking like the real gangster James ‘Whitey’ Bulger in Black Mass

GAEMTECH: Games Mania are bringing retro consoles and games back into the mainstream

More From The Irish Examiner