Verified Document

Security Breach At Target Essay

Computer Security Breaches Internal Controls and Receivables

On December the 19th Target publicly acknowledged they had suffered a data breach, which had resulted in the loss of 40 million customer payment card details, along with their names, expiry dates, and the encrypted security codes (Munson, 2013), At the time this was one of the largest security breaches, with the firm suffering not just because they were targeted by criminals, but as a result of the failure of their internal controls.

The problem started when, in the run up to Thanksgiving, malware was installed on the payments system of Target (Riley, 2014). BlackPOS, which is also known as Kaptoxa, is malware designed for use on point of sales systems which operate on Microsoft Windows (Krebs, 2014). The Malware operates at the point of sales, when the customers' cards are swiped on an infected point of sale, the malware becomes active and at card details would be sent to a server within Target that had been commandeered by the criminals (Riley, 2014). Following the gathering of the payment card on the commandeered server the hackers had to upload the exfiltration malware to extract the details for their own use (Riley, 2013)....

Parts of this document are hidden

View Full Document
svg-one

The data was extracted from the server, sending it first to staging points as a way of disguising the hackers' trackers, with the final destination being the hackers own location in Russia (Riely, 2013).
In many cases internal controls failed because malware goes undetected, the shocking issue with this breach was the way in which the firm had prepared for this type of event, $1.6 million had been invested in Malware detection, from the firm FireEye, a security specialist that also serves organizations such the CIA (Riley, 2013). The breach was noticed on the 30th of November 2012 by Bangalore team of security specialists that monitored the Target system; they raised the alarm, informing Target of the breach. It was here the system failed, as Target failed to respond or take action Krebs, 2014; Riley, 2013). Therefore, the internal failure was not one of detection, but of the ability of the firm to respond following the detection of the active threat. The failure resulted in a level of negative publicity, and the firm suffered a 46% drop in profit the last quarter of 2012, and costs for the community and banks associated with the stopping and reissuing of the cards is estimated to be approximately…

Sources used in this document:
The plan to overcome this needs to build in the detection, with the development of a strict protocol for what actions should be taken and by whom where is a security breach, including who does what, with time scales and specifics responsibilities.

Part 2

Firms will take a number of issues into consideration when assessing whether or not to extend credit to customers. The first consideration may be the internal position of the firm and the resources that have which may or may not support the extension of credit. Where credit is extended to customers, and funding by the firm, this can increase significantly the level of accounts receivable outstanding and result in a significant increase in capital tied up in inventory. The firm will also have to allow for the potentials for bad debts (Howells & Bain, 2007). The firm may aid cash flow with the use of factoring firms. The firm may also need to look at other internal resources such as the personal and systems, to ensure they can
Cite this Document:
Copy Bibliography Citation

Sign Up for Unlimited Study Help

Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.

Get Started Now