This is part 3 of an n-part blog series, discussing the things I found to be game changers in Infosec in 2014.
Item: Target CEO resigns
What is (or was) it? Target's CEO resigned in the wake of the 2013 data breach.
Why is it significant? Gregg Steinhafel certainly isn't the first exec to lose a job after a breach, but he is one of the more prominent. He was a 35-year veteran at Target - more than a figurehead, he was a real company man. We expected heads to roll at Target after their breach, but usually we expect to see the CIO or CISO (or both) being made available to industry. The replacement of the CEO at such a large institution was somewhat surprising. We knew this would be a black mark on his record, but again we were surprised to see him leaving outright.
Could it have been prevented? Yes - of course it could have been (I see a theme emerging here). I won't do another postmortem on the Target breach here - plenty has already been written on that. But the short of it is that Target had all the logging data available to detect the attack - they had to have it to be PCI compliant. And of course, per the PCI standards (and other industry best practices) they were performing regular log reviews (wink, wink).
Here at Rendition Infosec, we believe that Target's SOC and systems admins were understaffed and simply lacked the time and/or expertise to identify the evidence of compromise present in the logs. If staffing had been appropriate (both in numbers and expertise), we believe that Target would have detected their breach early. We'll never close all the holes in the network, so forget about preventing a compromise. Focus on detecting it before data is exfiltrated and you have a breach.
Stay tuned for more installments in the Infosec year in review.