From a recent newsletter by my friend and fellow chair Alan Hauge.
“You Vendor, Me Victim”: or How Target’s friends did it in.
The hacking of 40 Million Target Shoppers over the holidays is a still unfolding travesty and other retailers like Neiman Marcus and others have likewise been affected. It’s bad enough when hackers target your system directly, but it now appears that Target was compromised by the lack of security at its VENDORS; the very people with the largest stake in Target’s success were the unwitting pathway for the criminals who stole so much personal data!
To Target’s dismay, it was announced on Friday that the vendor in question was not a giant merchandise supplier, but a small 125 person mechanical contracting firm in Pittsburgh, PA that had done some work for several Target’s stores. Hackers targeted the vendor’s system and its connection to Target’s vendor management system through which they found the access they were looking for..
If you’re a C-Level decision maker, this buck will find its way to your desk as the CEO of Target has learned to his sorrow; so take a few minutes for an executive summary by Vistage Speaker Mike Foster who has advised hundreds of Vistage CEOs across the US on how to understand and manage this increasingly risky aspect of their businesses.. In a recent blog post, he gives an overview of what happened plus the questions you should be asking your IT Staff before you get a very different set of questions from irate customers and other stakeholders because you failed to protect them. Mike provides two videos (one short, one long) in that blog entry that provide a list of questions to ask your team to determine whether you’re being hurt (unintentionally) by those who are supposed to love you.