As a regular shopper at Target, I’ve been closely following the data breach ordeal. This week, I learned that the company did, in fact, have security intelligence in place, but the company’s Security Operations Center (SOC) didn’t react in time to prevent the damage. Astonishing!
It’s my hope that the following questions will eventually be answered, too:
- Why did the SOC team in Minneapolis, Minnesota, not respond to the alerts sent from their Bangalore counterparts, who discovered suspicious behavior on their systems when the attackers were laying the groundwork to steal data?
- Why weren’t there any checks and balances in place? After the Bangalore security specialist team found out about the unusual behavior on their systems and alerted the SOC, shouldn’t they have followed up after getting no SOC acknowledgment?
- Why, after Brian Bobo, the former SOC manager, left the position in October 2013, didn’t Target immediately hire someone to fill such a critical position?
- Why, despite security monitoring and intelligence in place, could Target only confirm the data breach an astonishing 19 days after the incident took place, and after the damage had been done?
- Complying with the PCI Data Security Standard is essential, but it’s no excuse for not stopping a data breach. Why does Target think its consumers will accept such a stance and continue giving it business?
While Target had good intentions with regard to protecting consumers’ personal information, it was a costly oversight not to strictly enforce a security “code of conduct” for SOC employees. This was a key contributor to the successful execution of the breach. Security technology alone cannot detect and stop attackers from stealing valuable data. Rather, only the successful synchronization of technology, people, and processes can.
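To make the “checks and balances” point concrete, here is a small added Python sketch (my own illustration, not code from the original post and not anything Target actually ran) of the process control the second question asks for: an alert that the SOC has not acknowledged within an agreed time is automatically pushed to the next tier instead of sitting silently in a queue. The SLA values, tier names, and sample alerts are all assumptions constructed for the example.

```python
from datetime import datetime

# Acknowledgment SLA per severity, in minutes (assumed values for illustration).
ACK_SLA_MINUTES = {"high": 15, "medium": 60, "low": 240}

# Escalation ladder: each further SLA window that passes without an acknowledgment
# moves the alert up one tier (assumed tier names, not any company's real roster).
ESCALATION_TIERS = ["soc_analyst", "soc_shift_lead", "security_director"]

# Constructed sample alerts, as a SOC might receive them from a remote monitoring team.
SAMPLE_ALERTS = [
    {"id": "ALERT-001", "severity": "high", "raised": "2024-05-01T02:00:00", "acked": "2024-05-01T02:10:00"},
    {"id": "ALERT-002", "severity": "high", "raised": "2024-05-01T02:05:00", "acked": None},
    {"id": "ALERT-003", "severity": "low", "raised": "2024-05-01T02:30:00", "acked": None},
    {"id": "ALERT-004", "severity": "medium", "raised": "2024-05-01T01:30:00", "acked": None},
]


def parse(ts):
    """Parse an ISO-8601 timestamp string into a datetime."""
    return datetime.fromisoformat(ts)


def escalation_tier(age_minutes, sla_minutes):
    """Tier index to escalate to: 1 after one SLA window, 2 after two, capped at the top tier."""
    windows = int(age_minutes // sla_minutes)
    return min(windows, len(ESCALATION_TIERS) - 1)


def overdue_alerts(alerts, now):
    """Return alerts still unacknowledged past their SLA, with how late they are and who gets them next."""
    result = []
    for alert in alerts:
        if alert["acked"] is not None:
            continue  # the SOC picked it up; nothing to chase
        sla = ACK_SLA_MINUTES[alert["severity"]]
        age = (now - parse(alert["raised"])).total_seconds() / 60
        if age < sla:
            continue  # still inside the acknowledgment window
        tier = escalation_tier(age, sla)
        result.append({
            "id": alert["id"],
            "minutes_overdue": int(age - sla),
            "escalate_to": ESCALATION_TIERS[tier],
        })
    return result


if __name__ == "__main__":
    # Run the check as if a scheduler fired it at 02:40 on the sample day.
    for item in overdue_alerts(SAMPLE_ALERTS, parse("2024-05-01T02:40:00")):
        print(f"{item['id']}: {item['minutes_overdue']} min past SLA -> {item['escalate_to']}")
```

The point is not the code but the control it encodes: the monitoring team's hand-off is only complete when someone on the receiving side acknowledges it, and silence is itself a condition that triggers action. Run on a schedule, a check like this would have surfaced an unanswered high-severity alert within minutes rather than weeks.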
What do you think? Would love to hear!