西雅圖求學記

Introduction

Information technology which brings convenience to people can help people in many ways.  For instance, an enterprise uses technology in its business model or organizational architecture to help its development.  Even though people have become used to the use of technology applications, technology is not omnipotent.  Fonseca (2015) shows when people benefited from technological innovations, they are often negligent that technology might fail.  Information security is an important part of how an enterprise uses information technology in its business.  If an enterprise does not pay attention to its information security management, this can lead to external threats to its information system.  Hackers attacking Target is one case.

Target Corporation (Target) which has 1,793 stores in the U.S. (Target, 2016) is one of the largest retail chains in the U.S.  Target sells articles for daily use, such as clothes, food, household appliances, and furniture. In order to give its customers more services, Target also has online business.  Now, Target has 341,000 employees worldwide (Target, 2016). 

Problem

Around black Friday in 2013, Target suffered an attacking by hackers.  Because its information security was breached, hackers stole customers' personal information, including customer names and credit or debit card numbers.  Security experts believed that hackers got the point-of-sale data from the terminals or Target credit card processors (Wallace, 2013).  Target confirmed this news.  Target thought that more than forty million credit and debit card members may have been impacted (Target, 2013).  “This malware utilized a so-called “RAM scraping” attack, which allowed for the collection of unencrypted, plaintext data as it passed through the infected POS machine’s memory before transfer to the company’s payment processing provider” (A “Kill Chain” Analysis of the 2013 Target Data Breach, 2014, p. 2).  Because of this incident, these data may have been sold on the black market.  The stolen data were likely to be used to counterfeit cards.  This is one of the biggest data leakage incidents in the United States.  

Case analyses

As Target is one of the largest retail chains in the U.S., it has a strong competitive position in the market.  According to Target (2016) illustrated one of their strengths is merchandise are diversification.  However, the more competitors enter the market, the more products may be overlap. Target may lose their competitive advantage.  According to Porter five forces analysis, this is called threat of substitute.  It means when products are diversification in the market, customers have more choice.  Therefore, Target launched low price products to attract customers who care about the value-driven in order to increase its market share (Target, 2016).  However, when the hacker incident happened, a huge amount of data was breached, and it could have made customers not trust Target.  An urgent priority is doing crisis management, improving data security to make its customers believe them again.

Alternative solutions

In order to avoid similar situations happening again and prevent information security vulnerabilities, an enterprise should focus on how to reinforce information security.  Training employees, vulnerability scanning, and data encryption are the three solutions that I want to recommend.

Training employees

As the network technology and information technology moves fast, not every employee knows what it is, not to mention knowledge of information security.  To strengthen knowledge of information security, regular training employees are necessary.  An enterprise can hire information security experts to its company. Teaching basic knowledge of information security helps employees understanding.

Vulnerability scanning

With development of technology, enterprises are increasingly dependent on information systems. The technique of vulnerability assessment lets IT staff evaluate the security of a system in depth (Kupsch, Miller, César, & Heymann, 2009).  To prevent the system being attacked by malware, regular system scans are necessary.  However, regular scans do not mean a computer is always secure from malware attacks.  Vulnerability scanning is one of the most important information security technologies.  It is a way to prevent system before malicious attackers appear.  Vulnerability scanning is using a program to scan a system.  It simulates of various hacker methods of attack, then trying to find security vulnerability and fix it.

Data encryption

When enterprises use information systems, all of the information will exist on database. Therefore, improving data security is necessary.  How to prevent this data will not leakage is an issue that enterprises should focus on.  Data encryption is data translating into a secret code through an algorithm.  "Data encryption is the act of changing electronic information into an unreadable state by using algorithms or ciphers"(Ruddick, 2013).  An enterprise can prevent its data leakage by this way.

Conclusion

Lessons learned from Target, information security is an important issue which should be of concern.  Personal information is very private. If personal information is leaked not only data was stolen but also customers can be lost.  The case of Target taught us that enterprises should strengthen network security management.  If enterprises can pay attention to it, they will reduce technology failures in business.