Supply Chain Risks Figure 1 [5,6]<\/span><\/p>\n Soon after the incident, Target pledged to spend $100 million upgrading its security systems [3] and, as part of a more recent settlement [7], the company agreed to further enforce its compliance with Consumer Protection Statutes and deploy a comprehensive Information Security Program to protect personal information it collects from customers. Albeit huge investments on data security, protecting its systems from hacking continues to pose a great challenge to the company. So much so that 4 years after the major data breach, Target acknowledged that it continues to experience data security incidents [8]. As a result of the inability of companies to prevent such leaks, the number of US customers who experienced identity fraud increased 16% in 2016 to a historical record of 15.4M people [Figure 2] resulting on an estimated loss of $16Bi [9]. To minimize financial losses, many companies, including Target, have heavily relied on cyber-insurances that, although effective on compensating the economic aspect of the hacking, is a palliative solution that do not address the root cause of the problem.<\/span><\/p>\n US Customers Who Experienced Identity Fraud Figure 2 [9]<\/span><\/p>\n To\u00a0<\/span>deliver a higher level of security to its customers, Target\u2019s management should focus on 3 key areas that are highlighted by many specialists [10] as foundations for a robust and reliable supply chain network.<\/p>\n First, Target\u2019s supply chain needs to be thoroughly mapped and well understood so that all links of the network can have its weaknesses identified and adequately protected [Figure 3]. In addition to that, security systems and protocols must be established and tested to guarantee its efficacy once real threats are identified. A good example comes from the tech industry in which companies like Google run annual simulations of service disruption to evaluate how well teams go through response procedures and manage to keep the systems working and the data safe [11].<\/span> Figure 3: Anatomy of a Supply Chain Breach [12]<\/span>\u00a0\u00a0<\/span><\/p>\n Second, the human factor needs to be addressed. Weeks before the 2013 breach, multiple malware alerts were ignored and prevention functionalities that could have mitigated the extension of the leak were turned off by administrators who were not familiar with the systems [4]. Therefore, a comprehensive training agenda needs to be put in place to educate all employees on basic security measures and also restrict access to sensitive data to a small and well qualified portion of the organization.<\/p>\n Finally, strong cryptography and multi-layer protection should be used to store and transmit sensitive data. Those measures add an extra layer of protection and avoid that, in case of a leak, any of the leaked information be ultimately used.<\/p>\n It is far from trivial, especially for retail companies, to put together such a complex system and many of them have relied on third-party cyber security and insurance firms to mitigate the risks. It is still open to debate, though, to which extend the responsibility for managing customer\u2019s personal information should be transferred to third parties and how much retailers should rely on insurance companies to mitigate the implications related to data breaches.<\/span>\u00a0(727 words)<\/p>\n [1] strategy&, \u201cIndustry 4.0 – How digitization makes the supply chain more efficient, agile, and customer-focused,\u201d PwC, 2016 How supply chain digitalization helped hackers to exploit an air-conditioning firm and compromise operations of one of the US biggest retail companies.<\/p>\n","protected":false},"author":10294,"featured_media":21214,"comment_status":"open","ping_status":"closed","template":"","categories":[845,3235,2309,316],"class_list":["post-21213","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry","category-cybersecurity","category-digital-supply-chain","category-hacking","category-target","hck-taxonomy-organization-target","hck-taxonomy-industry-retail","hck-taxonomy-country-united-states"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/rc-tom-challenge-2017\/","yoast_head":"\n
\n<\/span>% of respondents that are \u201cvery concerned\u201d about each risk year-on-year<\/em><\/span>
\n<\/span><\/p>\n![\"\"](\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2017\/11\/Figure-1-1.png\")
<\/a><\/p>\n
\nIn Millions<\/i><\/p>\n <\/span><\/p>\n
\n<\/span> \u00a0<\/a><\/span><\/p>\n
\n[2] B. Krebs, \u201cThe Target breach, by the numbers,\u201d May 2014, at https:\/\/krebsonsecurity.com\/2014\/05\/the-target-breach-by-the-numbers\/<\/a>, accessed November 10, 2017
\n[3] E. Kvochko, R. Pant, \u201cWhy Data Breaches Don\u2019t Hurt Stock Prices,\u201d 性视界 Business Review, March 2015
\n[4] X. Shu, \u00a0K. Tian, A. Ciambrone, D. Yao, \u201cBreaking the Target: An Analysis of Target Data Breach and Lessons Learned,\u201d January 18, 2017, arXiv:1701.04940
\n[5] SCM World, “Future of Supply Chain surveys,” 2016
\n[6] SCM World, “Chief Supply Chain Officer Surveys,” 2012-14
\n[7] Attorney General of the State of New York, Bureau of Internet and Technology, Assurance no. 17-094, \u201cTarget Corporation Settlement,\u201d May 8, 2017 at\u00a0https:\/\/ag.ny.gov\/sites\/default\/files\/nyag_target_settlement.pdf
\n<\/a>[8] Target Corporation, Form 10K – Annual Statement, January 2017
\n[9] Javelyn Strategy & Research, \u201c2017 Identity Fraud Study,\u201d February 1, 2017
\n[10] N. Lord, \u201cSupply Chain Cybersecurity: Experts on how to mitigate third party risk,\u201d July 27, 2017 at\u00a0https:\/\/digitalguardian.com\/blog\/supply-chain-cybersecurity<\/a>, accessed\u00a0November 10, 2017
\n[11] Wired, \u201cGoogle Throws Open Doors To Its Top-Secret Data Center\u201d, October 17, 2012, at\u00a0www.wired.com\/2012\/10\/ff-inside-google-data-center<\/a>, accessed November 12, 2017
\n[12] Combatting Cyber Risks in the Supply Chain – SANS Institute InfoSec Reading Room – September 2015 – page 2
\n[13] M. Riley, B. Elgin, D. Lawrence, C.Matlack, Bloomberg, \u201cMissed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It\u201d, March 17, 2014, at\u00a0https:\/\/www.bloomberg.com\/news\/articles\/2014-03-13\/target-missed-warnings-in-epic-hack-of-credit-card-data<\/a>, accessed November 11, 2017<\/p>\n","protected":false},"excerpt":{"rendered":"