Risk
3/5/2014
03:27 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Target Seeks New CIO

Data breach last year prompts CIO Beth Jacob to resign; Target will hire interim CIO and chief compliance officer.

9 Notorious Hackers Of 2013
9 Notorious Hackers Of 2013
(click image for larger view and for slideshow)

Target is looking for a new chief information officer following the resignation of CIO and executive VP of technology services Beth Jacob on Wednesday.

As the company's top technology executive, Jacob had responsibility for Target's computer systems and network, which succumbed to hackers late last year, enabling a massive data breach.

The breach began on Nov. 27, was confirmed on Dec. 15, and ended on Dec. 18. The company initially said 40 million credit and debit card accounts were affected, but its investigation subsequently revealed that a separate set of data, stored elsewhere and covering 70 million accounts, also had been stolen.

One of the largest retail data thefts ever, the incident contributed to a 40% decline in the profit reported by the company last month.

[Can a phone be snoop-proofed? Read FreedomPop Debuts Encrypted Snowden Phone. ]

Jacob started with Target in 1984 as an assistant buyer. She left in 2002 then returned to the company in 2006. She was appointed CIO in 2008.

In an emailed statement, Gregg Steinhafel, chairman, president and CEO of Target, confirmed that the company is seeking a new CIO. "While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," he said. "To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target. As a first step in this effort, Target will be conducting an external search for an interim CIO who can help guide Target through this transformation."

Image credit: Jay Reed on Flickr.
Image credit: Jay Reed on Flickr.

Steinhafel said Target will be "elevating the role of the chief information security officer" and filling the position externally. He also said the company plans to look for a chief compliance officer outside the company. In addition, he said Target is working with Promontory Financial Group to assess its systems, infrastructure, business processes, and talent.

The new chief compliance officer position has been created in conjunction with a retirement: Target's current VP of assurance risk and compliance, Ann Scovil, previously planned to retire at the end of March, according to a company spokeswoman. As part of its effort to rebuild its information security infrastructure and processes, Target has decided to divide responsibility for assurance risk and compliance.

Beyond changes in personnel and processes, Target last month said it plans to invest $100 million to issue smart chip credit and debit cards and to equip its stores with the hardware to handle the technology.

Pen testing helps companies become more secure by finding and analyzing their insecurities, but pen test services can be fraught with their own kind of risk. In this Dark Reading report, Choosing, Managing And Evaluating A Penetration Testing Service, we recommend what to look for in a provider and its wares, how to get what you pay for, and how to ensure that pen testing itself doesn't open the company or its employees up to new risk. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
WKash
50%
50%
WKash,
User Rank: Apprentice
3/5/2014 | 4:22:07 PM
CIO or Chief Customer Officer?
By most every measure, Target CIO Beth Jacob has had an impressive career.  If anyone understood Target's business and its customers, she did. And her advancement through the organization suggests she understood how to manage big issues in a fast moving environment, which is what retailers must do every week. 

Whether she was up to the task of managing Target's Technology Services, or simply had to take the sword in what is proving to be a very costly hacking, only Target's insiders will know. 

Her departure raises two questions.  Are enterprises better served when a business (customer) champion is in charge of IT, so long as the IT team has the requisite talent, versus someone who came up through the tech ranks?  (My sense is, with the right management skills, the answer is sure, why not?)  The other question is, what are other CEOs across the nation doing to elevate IT security in their firms in the aftermath of the Target breach?

Target's CEO Gregg Steihafel certainly found out the hard way how costly it can be not being prepared for today's rapidly evolving cyber threats.

 
 Bup to eth Jacob is by all accounts a very impressive woman. She has a bachelor's degree in retail merchandising and an MBA, and has risen steadily at a major retailer to become Executive Vice President and CIO at a young age. Sounds like a perfect job, right? Except when you consider that the company where she's spent most of her career just experienced a breach of 40 million credit and debit cards during the holiday season. - See more at: http://www.enterprisingcio.com/368/will-cio-become-target#sthash.kGOX0ORO.dpuf
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8551
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

CVE-2014-8552
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?