Target's IT, security scrutiny could spread

All companies may have to revisit their IT spending and security practices following the Target data breach. Does anyone really believe that Target was the only company that had lax practices.
Written by Larry Dignan, Contributor

Target is under fire from all corners---customers, shareholders and the press---and one side effect is that companies going forward will be itching to show they aren't underinvesting in information technology and security.

The latest pummeling of Target came on Thursday courtesy of a Bloomberg Businessweek report. The gist: Target ignored warnings from security vendor FireEye and allowed a hack to occurs that could have been prevented. Forty million accounts were impacted by a data breach and then Target disclosed another 70 million were also at risk.

MasterCard, Visa form group to push better payment security

Businessweek portrays Target as a company that could have stopped the breach without human intervention, but turned a key FireEye feature off.

In a nutshell, Target management is on the firing line. CEO Gregg Steinhafel is facing declining sales, competition from Amazon, the loss of customer trust and multiple miscues. CIO Beth Jacob has resigned and Target plans to replace her and add a chief compliance officer and chief information security officer.

Target's master plan is to restore trust by becoming a model of information security best practices. Target doesn't have a choice, but the reports like the one from Businessweek scream "too little too late."

Wall Street analysts seem to be worrying about the costs of Target's newfound security and IT push. Cowen analyst Faye Landes said in a research note:

It is conceivable that the steps that the new CIO, COO and Chief Security Information officer advise will be costly, as many sources have indicated to us that they believe that Target has been underinvesting in IT.

Of course, Target will have to ramp technology and security spending. There's little alternative. Everything Target does will be scrutinized.

In fact, it's not much of a stretch to project that Target's IT spending scrutiny will spread to other publicly held companies. Should Target take a hit due to reputation, falling sales or lawsuits, every company will have to revisit the amount it spends on security and technology.

Does anyone really believe that Target was the worst at IT in the retail sector? Is Target really the only company that failed to heed security warnings?

Overall, this re-evaluation can be healthy---especially since the scrutiny is going to be short-lived. Even Target's woes will blow over at some point.

Until then companies won't want to be viewed as IT spending and security penny pinchers.

Related: Visa CFO: 'Quite a bit of investment' needed to install chip technology | Visa CEO: We need better security, EMV chips, tokens | Target CIO Jacob resigns following data breach |  Target's data breach tab mostly covered by insurance so far | How hackers stole millions of credit card records from Target | Target hackers hit air-conditioning firm first as a way in | Target's data breach: It gets worse | Many times bitten, retailers scramble to prevent another Target-like meltdown 

Editorial standards