Target
I hope this sueball breaks Target, it deserves to be made an example. To all those CEOs who think "outsourcing will take care of security".
A group of banks has filed a class action lawsuit against Target over its recent data breach, and has named security company Trustwave as a co-defendant. The late-2013 security breach resulted in at least 40 million customers' credit cards being compromised, after a Maryland contractor's systems provided a bridge into the …
"I hope this sueball breaks Target, it deserves to be made an example. To all those CEOs who think "outsourcing will take care of security"."
Careful what you wish for. All those folks who are out of jobs as a result of Target failing will look for jobs elsewhere. Those same could end up looking after your bank account... :)
I'm not naive. Companies don't care about security any more than they care about toilet paper - it's an expense but they need to have some, so they buy the cheapest 'solution' possible and call it quits. Pleas to 'do the right thing' or 'concern for the customers' wellbeing' (AFTER they've handed over their cash) won't get the job done.
However, making lack of security expensive. Yeah. That'll do it. A billion dollar plus judgement and we'll see every Target becoming a quantum-encrypted, air-gapped fortress, with armed and flak-jacketed paramilitary types guarding every terminal and comms cupboard.
That the day-to-day business operations of these really big retail companies with lots and lots of customers are all about really big IT systems processing big amounts of sensitive data.
Because IT is at the heart of these businesses, you would think they'd have at least one main board director with fundamental IT systems knowledge and expertise.
That problem for the company with a main board IT director is that they cannot (or it makes it more difficult for them to) claim ignorance as a defence and lay off responsibility to more junior IT bods or third party service providers / contractors when this kind of event takes place.
Because IT is at the heart of these businesses, you would think they'd have at least one main board director with fundamental IT systems knowledge and expertise.
But then, they'd need someone senior to that IT director to check to see if the candidates were just spouting a line of BS, or if they really knew what they were talking about.
It's a never-ending cycle of people knowing just enough to sound like they know what they're doing, when in fact, all they need to know is a few choice nuggets that their boss doesn't understand.
I think we should fix the root cause, which is the credit card system itself; it needs to be replaced with some other system. We need a more secure credit system.
Example. An app on your phone that you have to log in to that connects to your bank that you have to use to approve the use of your credit card before you use it. If you don't approve it beforehand then it is declined. That way if they get your credit card information they can't use it. Some form of two factor authentication for credit cards.
The banks should eat this as a lesson that they need to replace this system.
*Now* I remember why the name Trustwave rings a bell....
http://www.theregister.co.uk/2012/02/14/trustwave_analysis/ - Trustwave to escape 'death penalty' for SSL skeleton key
http://www.eweek.com/c/a/Security/Mozilla-Asked-to-Revoke-Trustwave-CA-for-Allowing-SSL-Eavesdropping-545114/