This is the first Data breach that we know so much and also a real massive one. There are so many lessons that can be learnt so, anything that can provide a different view or perspective could be useful to us.
According to the article:-
Part of this problem stems from how these technologies are sold. Manufacturers, like FireEye, rely on network of re sellers and distributors to promote and sell these complex security controls. These intermediaries are almost exclusively focused on selling the product, rather than ensuring it works correctly. Likewise, their focus is on promotion and promises, not integration or education.
Target fell victim to the classic “set it and forget it” sales pitch. Perhaps if Target’s reseller partners had communicated an honest total cost of ownership for FireEye, Target might have invested the resources necessary to implement it correctly. However, that is the problem, few resellers ever do that because it could jeopardize their business. Moreover, these resellers just want to move gear, they have no vested interest in whether that gear works or not.
Target’s security teams lack the authority, ability, or willingness to affect change. Executive leadership views information security is a “necessary evil.” They are quick to dismiss any security control (or person) when there is even a whiff it could create a roadblock to operations.
Human beings simply do not have the cognitive ability to react to events at the speed of modern networks. Human time is measured in hours, days, and months. Networks work in nanoseconds, well beyond the ability of human cognition.
We must empower leadership to make intelligent decisions about security; decisions that can affect change in real, tangible ways.
The links below has more information:
No comments:
Post a Comment