Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

3/5/2014
03:27 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Target Seeks New CIO

Data breach last year prompts CIO Beth Jacob to resign; Target will hire interim CIO and chief compliance officer.

9 Notorious Hackers Of 2013
9 Notorious Hackers Of 2013
(click image for larger view and for slideshow)

Target is looking for a new chief information officer following the resignation of CIO and executive VP of technology services Beth Jacob on Wednesday.

As the company's top technology executive, Jacob had responsibility for Target's computer systems and network, which succumbed to hackers late last year, enabling a massive data breach.

The breach began on Nov. 27, was confirmed on Dec. 15, and ended on Dec. 18. The company initially said 40 million credit and debit card accounts were affected, but its investigation subsequently revealed that a separate set of data, stored elsewhere and covering 70 million accounts, also had been stolen.

One of the largest retail data thefts ever, the incident contributed to a 40% decline in the profit reported by the company last month.

[Can a phone be snoop-proofed? Read FreedomPop Debuts Encrypted Snowden Phone. ]

Jacob started with Target in 1984 as an assistant buyer. She left in 2002 then returned to the company in 2006. She was appointed CIO in 2008.

In an emailed statement, Gregg Steinhafel, chairman, president and CEO of Target, confirmed that the company is seeking a new CIO. "While we are still in the process of an ongoing investigation, we recognize that the information security environment is evolving rapidly," he said. "To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information security and compliance structure and practices at Target. As a first step in this effort, Target will be conducting an external search for an interim CIO who can help guide Target through this transformation."

Image credit: Jay Reed on Flickr.
Image credit: Jay Reed on Flickr.

Steinhafel said Target will be "elevating the role of the chief information security officer" and filling the position externally. He also said the company plans to look for a chief compliance officer outside the company. In addition, he said Target is working with Promontory Financial Group to assess its systems, infrastructure, business processes, and talent.

The new chief compliance officer position has been created in conjunction with a retirement: Target's current VP of assurance risk and compliance, Ann Scovil, previously planned to retire at the end of March, according to a company spokeswoman. As part of its effort to rebuild its information security infrastructure and processes, Target has decided to divide responsibility for assurance risk and compliance.

Beyond changes in personnel and processes, Target last month said it plans to invest $100 million to issue smart chip credit and debit cards and to equip its stores with the hardware to handle the technology.

Pen testing helps companies become more secure by finding and analyzing their insecurities, but pen test services can be fraught with their own kind of risk. In this Dark Reading report, Choosing, Managing And Evaluating A Penetration Testing Service, we recommend what to look for in a provider and its wares, how to get what you pay for, and how to ensure that pen testing itself doesn't open the company or its employees up to new risk. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Li Tan
50%
50%
Li Tan,
User Rank: Apprentice
3/9/2014 | 11:18:19 PM
Re: CIO or Chief Customer Officer?
Good point - we should have a know-how person in the enterprise, who has hands-on experience about security related technologies and the understanding about corportate security. CIO should not be the one who takes full security ownership.
Ariella
50%
50%
Ariella,
User Rank: Apprentice
3/6/2014 | 3:11:21 PM
Re: CIO or Chief Customer Officer?
@Alison that's an excellent point. Who has a greater need than a huge retailer with both physcial stores and an online presence?
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
3/6/2014 | 10:28:43 AM
Re: Target seeks Beth Jacob replacement
If she fought for better security and was shot down, then it seems unfair. If security was low on her radar, then she was part of the problem that allowed hackers to break into the company and damage its sales and image. As a CIO, you play a bigger and bigger role in a company's image these days. Tech is a large part (both before and behind the scenes). Think websites, etail, apps, and partnerships with third-party apps like Shopkick, and it's clear how important tech is to actual transactions plus marketing and engagement. That's one reason CIOs must push hard for smart security spending. Even if boards don't agree, at least CIOs are on record if the unimaginable happens. 
Alison_Diana
50%
50%
Alison_Diana,
User Rank: Moderator
3/6/2014 | 10:24:51 AM
Re: CIO or Chief Customer Officer?
I am surprised a company as large as Target did not have a chief security officer. A CIO doesn't need to have hands-on experience with technology; they should know how an organization can use technology to differentiate the business. But a CSO or CISO must be well-versed in security technologies and understand how various solutions can safeguard employees, customers, and partners without impacting the experience.
Li Tan
50%
50%
Li Tan,
User Rank: Apprentice
3/6/2014 | 12:45:41 AM
Re: Target seeks Beth Jacob replacement
From this perspective, CIO is becoming a kind of job with higher and higher risk. You need to not only make the decision for IT infrastructure, but also take care of the operation and prevent any kind of security breach. If an accident happened, unfortunately you may risk your career.:-(
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Ninja
3/5/2014 | 6:22:53 PM
Target seeks Beth Jacob replacement
Very hard to apportion blame from the outside. I'd be curous what an objective security expert, if there is such a thing, would say. The shops of some of the best people are broken into. But this decision to replace her will be noted by every CIO in the country and security will be tightened in many places,
WKash
50%
50%
WKash,
User Rank: Apprentice
3/5/2014 | 5:19:03 PM
Re: CIO or Chief Customer Officer?
Michael,  you make a good point here.  When you see what Amazon has done to retailing, even companies like Target have no choice but to morph into world class tech operations.
Michael Endler
50%
50%
Michael Endler,
User Rank: Apprentice
3/5/2014 | 5:07:43 PM
Re: CIO or Chief Customer Officer?
I think that's the case. Silicon Valley vendors are fond of saying that every company in the world will soon be a technology company. It's a good sales slogan when you're the one selling tech products and services-- but for any company the size of Target, it's also true.
WKash
50%
50%
WKash,
User Rank: Apprentice
3/5/2014 | 5:01:55 PM
Re: CIO or Chief Customer Officer?
Tom, I concede you're probably right.  The task of managing IT is so complex, being a good executive may no longer be enough.
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
3/5/2014 | 4:32:10 PM
Re: CIO or Chief Customer Officer?
Target doesn't mention any specific technical credentials in her bio. I wonder whether anyone can be a truly effective CIO these days without also having the CTO skillset.
Page 1 / 2   >   >>
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.