Target's Internal Security Team Warned Management
david.emery writes "According to this story, Target's own internal computer security team raised concerns months before the retailer lost millions of credit card numbers in an attack. (Quoting a paywalled story in the Wall Street Journal.) Target's management allegedly 'brushed them off.' 'At least one analyst at the Minneapolis-based retailer wanted to do a more thorough security review of its payment system.' This raises a more general question for the Slashdot community: how many of you have identified vulnerabilities in your company's/client's systems, only to be 'brushed off?' If the company took no action, did they ultimately suffer a breach?"
Re:Posting anonymously for obvious reasons... (Score:5, Informative)
Yes, there are horrible security flaws where I work. Things as basic as changing passwords on a regular basis have been brought up repeatedly, and the answer is always, "we can't make people do that", or "that's something to keep in mind for the future, but we have more important things to worry about".
I've worked at two kinds of places - one, where it was pretty much as you described. The second sort was, upon orientation you are given your accounts and access and told they are your responsibility to use discreetly and to notify the appropriate support should you even suspect they have been compromised. Failure, in the second case, was grounds for discipline or termination of employment.
Guess where things went more smoothly and security issues seldom elevated to crisis.
Re:customer service portal (Score:2, Informative)
You are a pathetic creature.
Re:Oh boy... Here we go... (Score:4, Informative)
Document, document, document. And keep copies where you can get them once you are frog-marched out of the building wearing the scapegoat collar.
Re:Basically, yeah (Score:5, Informative)
So... where do I know you from?
You could have described my one and only firing ever, to the word.
Me: "Boss, Beancounter- this backup system is broken and needs to be fixed. Here is a cost breakdown for the fix and a loss analysis for failure to fix. It is genius and incorporates existing links and hardware to minimize cost and implement offsite backups for all sites!"
Boss: "Shut up and go fix a printer somewhere."
Fast forward a year- major crash of a POS server. Loss of customer records, $300,000 and 6 months predicted to be spent reconstructing the database from paper records.
Boss: "You are fired for letting this happen."
Me: "...."
Re:Posting anonymously for obvious reasons... (Score:3, Informative)