Target’s data breach settlement sets a low bar for industry security standards
Target’s multistate settlement over its 2013 data breach outlines the kind of security measures enterprises should have in place in order to not be found negligent with customer data. The problem is, the settlement doesn’t go far enough to improve organizational security. For the proactive CSO, the settlement should indicate the bare minimum and not what they should aspire to.
Tom Kellermann, CEO of Strategic Cyber Ventures and the former CEO of Trend Micro, called the terms a “slap on the wrist” for Target and said they were insufficient as they focused on keeping attackers out and not on improving response. Modern security needs to focus on reducing the amount of time between a compromise and its detection, and on making it harder for attackers to carry out their operations. While network segmentation and two-factor authentication will slow down attackers, the bulk of the terms are still defensive in nature.