Data breaches ending careers “right to the top” of C-suite

Posted 5.6.14 by

Co-CEO Yan Ness has a saying that Online Tech is “in the business of helping our clients sleep at night.” Primarily, he’s speaking of organizations not losing sleep worrying about compliance and data security. But at the C-suite level, more and more, protecting data privacy also means protecting careers.

On Monday, Target president and CEO Gregg Steinhafel resigned after 35 years with the company. According to a statement from the company’s board of directors, Steinhafel “held himself personally accountable” for the massive data breach Target experienced late last year. Target CIO Beth Jacob also resigned following the breach, which compromised up to 110 million customer records and cost the company $17 million in breach-related expenses and a significant blow to its reputation.

An Associated Press story claims Steinhafel is the first CEO of a major corporation to lose his job because of a data breach, “showing how responsibility for computer security now reaches right to the top.”

Research released on the day of Steinhafel’s resignation offers a glimpse into the severity of data breaches for companies: The Ponemon Institute’s annual Cost of Data Breach Study indicates U.S. companies that suffered a data breach in 2013 lost an average of $5.4 million. That’s a 9-percent increase from 2012 and an average of $201 per record lost.

To help it fight cybercrime, Target recently hired Bob DeRodes – a security expert who has worked with the U.S. Department of Homeland Security and the Department of Defense – as its new CIO. If that kind of hire is not in your organization’s budget, contracting with an experienced infosec professional can put solid security requirements in place at the design phase and clean up those that made it to production environments. Alternatively, outsource IT infrastructure to a company dedicated to security and compliance that will maintain your patches, monitoring, and other cybersecurity safeguards and best practices so you can focus your resources just on what your own organization needs to do to improve security.

What else can a company or organization do to protect against the threat of an attack on their systems? Layer up with security and create a comprehensive defense in depth solution that ties together log and file monitoring, two-factor authentication, patch management, vulnerability scanning and other technical security tools that can potentially detect and prevent a data breach of proprietary or sensitive data.

Weigh the cost-benefit analysis of preventative IT and the potential cost per record of a data breach in your respective industry – a little bit of good security can go a long way.

Related reading:

White paper: PCI Compliant Clouds

White paper: Mobile Security

Encryption Video Series

White paper: Encryption of Cloud Data


Associated Press: Target’s CEO first major corp boss to lose job in customer data breach

Network World: Data breaches 9% more costly in 2013 than year before

InfoSecurity: Target appoints new CIO, adds chip and PIN to payment cards

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.

Get in touch with an Otava Rep today – just provide us with a bit of information below to get started and we’ll reach out to you shortly!