It is no surprise that Target CIO Beth Jacob resigned last week, taking the blame for the mega data breach before the Christmas holidays that gave many people sleepless nights. According to InformationWeek, Target CEO Gregg Steinhafel stated that the company will be “conducting an external search for an interim CIO, elevating the position of chief information security officer and plan to look for a chief compliance officer outside the company as well.”
There are reports stating that Beth Jacob's lack of IT background and technology competencies could have been one of the possible factors that cost her the job.
That raises an interesting question! Should the CIO be a Technology expert and focus more on Technology or try becoming a Business Expert? There is an ongoing debate around the business vs. technical competencies of the CIO. Strong views have emerged in the last ten years or so, on the urgent need for CIOs to transition from a technology leader to a business leader with a strong understanding of how the business operates to successfully enable
Other interesting points are –
- In most large enterprises, the CISO has a direct reporting line to the board of directors and to the CIO of the company. Why did Target miss this structural anomaly?
- How were the hackers able to transfer the stolen data off the retailer’s network without anyone noticing? The question is whether there were just too many security silos in Target not sharing or cooperating with one another. Did they miss the warning signs?
- Given the growing sophistication of attacks, CIOs must now reconsider whether or not managing the risk in-house is wise. In many enterprises, the IT security budget is an afterthought, and requests for additional security resources or tools are normally ignored unless there is a regulatory push.
- Enterprises get so many alerts regarding potential problems that it is hard to figure out which one is really the bomb that’s going to explode. There is a need for security management with analytics capability, which is key to success.
Finally, it is a wake-up call: CIOs and CISOs should focus more on technology and security competencies, which are their core competence. Business focus is important, but not at the cost of technology and security.
Dr. Jagan Vaman PhD CISA CGEIT C|CISO.
Source: Forbes, DynamicCIO, Information Week