
Information Security Management - Research Paper Example

Summary
The "Information Security Management" paper argues that information security has become a serious issue, but that organizations and individuals can deal with it by following some security guidelines. Organizations should implement strict security measures and continuously improve them…

Extract of sample "Information Security Management"

Malware infection is believed to be the most critical security threat of recent times (Kroenke 409). One of the biggest cases of malware infection occurred when Target Corp, one of the biggest retailers, exposed a large amount of confidential data, including the personal and credit card details of over 110 million customers, by means of a malware-infected email sent to personnel of an HVAC firm. According to Target Corp, this firm had done business with it in the past. The source of the attack is believed to trace back to network authorizations that Target Corp had assigned to Fazio Mechanical, a small firm located in Sharpsburg, Pa., that produces products related to air conditioning, heating and refrigeration. The details enclosed in an email were accessed and stolen as a result of this attack. In this scenario, attackers used malicious software to attack Fazio, and this attack started almost two months before the attack launched against Target Corp. The attackers then used the stolen information to steal card data from more than one thousand cash registers. The investigation shows that the attackers used Citadel, a tool used particularly as a password-stealing bot application, which is derived from ZeuS, a well-known banking Trojan (KrebsonSecurity). The investigation also showed that when the attackers entered the network, Target’s security team was able to detect only some of their actions. The security team carefully evaluated those actions and responded accordingly; in light of its evaluation, it concluded that the activity did not deserve immediate follow-up. As a result of this attack, Target’s shares started to fall quickly.
In fact, the attackers were able to steal more than 40 million credit card details as well as more than 70 million other personal details of customers, such as telephone numbers, home addresses and email addresses. As a result of this attack, Target faced many possible class-action proceedings as well as serious warnings from a number of banks seeking compensation for the millions of dollars they lost because of the attack and the cost of replacement cards. Although Target uses a very useful tool known as FireEye that repeatedly removes malicious code or software, Target’s security team had turned it off before this attack (KrebsonSecurity). To date, more than 90 claims have been filed in different places against Target by banks and customers for compensatory losses and negligence. These cases are in addition to the costs incurred because of the attack itself. As a result of this security breach, Target Corp faced serious consequences, as its sales fell by up to 4%. In addition, because of these serious security concerns, shoppers’ interest in online shopping dropped massively, which led to a drop of more than 5% in online transactions (Ziobro). To deal with this situation, Target Corp has taken a number of steps. It has started an end-to-end evaluation of its employees, technologies, applications and processes to determine their potential and capabilities, with the purpose of improving data security. It is also dedicated to learning from this experience. Although the investigation is still under way, it has already taken serious action to deal with such situations in the future. It has decided to begin renovating its current information security infrastructure and, in this scenario, is planning to move to chip-enabled cards.
According to Target Corp, since the investigation is still ongoing, it is not sure whether it is fruitful to engage in speculation before evaluating the final outcomes (Ziobro). The recent attack has forced Target Corp to make considerable changes to its current infrastructure in order to deal with any future attack, and it has made a number of updates to improve its security infrastructure. Target Corp has stopped contractors from accessing the servers affected by this attack, to prevent future attackers from reaching its payment systems through a third party. In addition, it has developed and maintains a “white list” of programs and applications that can be accessed through its point-of-sale servers and registers. Target’s steps can be considered a positive effort towards ensuring the security of its customers’ data (Hickins). Soon after identifying the attack, Target notified its customers through a letter in which it explained that customer details such as names and other particulars, debit and credit card numbers, their issuance and expiration dates, and other verification details were exposed as a result of a security breach. Once Target Corp identified the situation, it immediately informed financial institutions and authorities and allocated all its resources to this effort. Among the other actions it has taken, Target Corp has established a partnership with a prominent third-party forensics company to help it conduct a detailed examination of the event. Target Corp is also helping customers who lost their credit card details during this incident; these customers have been asked to stay in touch with Target directly and to keep an eye on their credit accounts.
Without a doubt, Target Corp is a large firm, operating more than 1800 stores in the U.S. and Canada (Hickins). In the past few years, information security has become a serious challenge for organizations and individuals alike. New tools and techniques for carrying out illegal activities keep emerging. This paper has discussed the example of a well-known security breach that took place at Target Corp. As a result of this incident, the organization suffered serious consequences. Without a doubt, information security has become a serious issue, but organizations and individuals can deal with it by following some security guidelines. Organizations should implement strict security measures and continuously improve them. They should hire skilled professionals. They should implement the latest mechanisms to ensure the security of their customers’ data. In the same way, customers should not provide their personal details on every web site; their personal data is more precious than access to an online web site. They should be careful when using their personal details over the Internet.

Works Cited

Hickins, Michael. The Morning Download: Target Tries to Reduce Its Attack Surface. 30 April 2014. http://blogs.wsj.com/cio/2014/04/30/the-morning-download-target-tries-to-reduce-its-attack-surface/. 25 April 2014.

KrebsonSecurity. Email Attack on Vendor Set Up Breach at Target. 12 February 2014. http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/. 22 April 2014.

Kroenke, David M. Using MIS. Boston: Prentice Hall, 2012.

Ziobro, Paul. Target Profit Declines on Data Breach Fallout -- 2nd Update. 26 February 2014. http://online.wsj.com/article/BT-CO-20140226-710262.html. 23 April 2014.
Cite this document
(“Research Project Information Security Management Paper”, n.d.)
Retrieved from https://studentshare.org/information-technology/1640016-research-project-information-security-management