Acknowledgment
The authors wish to thank Professor Anjanette Raymond for her assistance, guidance, and feedback on this article.
Shortly before Thanksgiving 2013, someone installed malicious software (malware) on Target's security and payments system. The malware was designed to steal information on every credit card used at the company's 1,797 U.S. stores. At a moment when shoppers were focused on spending for the upcoming Christmas season, malware began capturing their credit card numbers and storing that captured information on servers commandeered by the hackers. In theory, Target was prepared for the hack: six
Target was at the forefront of technology in 2013, investing in state-of-the-art security. The company was warned when the hackers attacked in 2013, but it ignored multiple alerts that something was wrong and continued selling to consumers. As a result, millions of people continued to swipe their credit cards and their information continued to be sent to hackers. The resulting loss of critical consumer data put millions of people at risk for identity theft (Riley, Elgin, Lawrence, & Matlack,
In many ways, the Target data breach may serve as a watershed moment in cybersecurity regulation. Awareness of the behavior of Target employees laid bare the extent to which businesses are comfortable allowing employees to circumvent technology in ways that greatly expose their IT systems to data breaches.
Congress is currently considering a plethora of cybersecurity and data breach laws. Congress's considerations are structural as well as procedural as it assesses the framework of the current
With liability for cybersecurity expanding in uncertain and dangerous times, cyberattacks pose increasingly serious threats to many companies. However, a few simple, prospective reforms can get these businesses moving in the right direction.
Industry has the ability to solve the issue of cybersecurity quickly and efficiently, but it needs the proper incentives. Fortunately, the incentives are rapidly emerging. The potential for nonmarket intervention is rising as it keeps pace with the ominous growth in both the number of cyberattacks and the number of interconnected devices (Verizon Enterprise, 2015b). Wall Street is pouring millions of dollars into cybersecurity stocks, and experts predict that this trend will continue (Vardy,
Astute businesspeople recognize the obvious incentives to begin driving the cybersecurity conversation, including the need for protection against hackers, the desire to influence the policy discussion, and the realization that securing sensitive data can result in increased profitability. Fortunately, there is a clear path to becoming a leader in cybersecurity.
The Target data breach, if well heeded, can serve as a valuable lesson for businesses today. Cybersecurity threats are not about to go away. Companies need to be prepared and proactive to protect their customers, their information, their reputation, and their bottom line. The authors wish to thank Professor Anjanette Raymond for her assistance, guidance, and feedback on this article.Acknowledgment
The current state of IoT networks’ security posture makes it harder for businesses and consumers to preserve and trust the security of their digital assets. IoT devices collect and store highly sensitive data, such as personal, financial, and medical information, which are often the target of hackers [4]. This is often due to the widely distributed and complex attack surface of IoT ecosystems.
The primary reason behind the incident was a lack of internal control and incident management planning. It ultimately cost $18.5bn to settle the legal consequences and compensation from the incident.8 In another case, the Equifax data breach incident that happened in 2017 caused severe damage to the brand.