Target’s Devastating Information Security Incident

On December 19, 2013, Target Brands, Inc., one of the world’s largest retailers, announced a breach in customer data security affecting more than 40 million, and as many as 70 million, customers from 1,797 of the company’s US stores. (Ray, Elgin, Lawrence, & Matlack, 2014, and Isidore, 2014).   Information including customer names, addresses, email addresses, phone numbers, and credit card data was compromised by the use of malware installed in Target’s security and payments system (Walace, 2013, and Isidore, 2014).  This was a devastating instance of hacking and computer crime committed against the company and its customers, and was especially damaging since it occurred during the holiday season.  It resulted in negative impacts to Target’s relationships with customers, as well as its future earnings. 

Any business conducting online transaction processing should consider information security one of its top priorities.  Keeping business information, supplier information, and customer information secure is key to running a successful business and maintaining good relationships with business partners.  According to O’Brien and Marakas in Management Information Systems, “Effective security management can minimize errors, fraud, and losses in the information systems that interconnect today’s companies and their customers, suppliers, and other stakeholders” by integrating a variety of methods and tools to protect a company’s information system resources (O’Brien and Marakas, 2010).  Target Brands, Inc. had security management tools in place, and had begun installing $1.6 million in malware detection tools just six months prior to the discovery of the data breach (Riley, Elgin, Lawrence, & Matlack, 2014).  Unfortunately, there were holes in Target’s information management system that gave hackers the ability to infiltrate security measures and steal sensitive information.

According to Riley, Elgin, Lawrence and Matlack in “Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It,” the new malware system installed by Target had registered alarms of potential malware threats two weeks before the breach was discovered (2014).  These alarms, however, went untreated because an option in the software to automatically delete malware as it is detected was turned off (Ray, Elgin, Lawrence, & Matlack, 2014).  According to a quote from Edward Kiledjan, chief information security office for Bombardier Aerospace, in the article, this is not an unusual practice for businesses, as their IT security teams want the ability to make the final decision on what do to (Ray, Elgin, Lawrence, & Matlack, 2014).  In this instance, Target’s security team failed to recognize the alarms and potential threat, which caused trouble for the company and its customers.  Ultimately, however, it was the company’s decision not to let the anti-malware software do what it was designed to do and delete the incoming malware when it was uncovered that lead to devastating consequences.

Target is accused of failing to employ “reasonable and appropriate security measures to protect personal information” (Wallace, 2013), which is an ethical responsibility the company has to its customers.  The company reportedly spent $61 million responding to the breach in the first quarter of 2014, as well as saw a 46% decline in sales for the 2013 holiday season compared to the same quarter in 2012.  Since the attack, Target has taken measures to regain trust from its customers as well as ensure the company is doing what it can to prevent another catastrophic incident from happening again.  The company stated that customers would not be liable for the cost of any fraudulent charges, and it has promised to help lead the transition from magnetic strip credit cards to cards with embedded chips by spending $100 million for upgrades to cash registers and other technology that read the new cards (Ray, Elgin, Lawrence, & Matlack, 2014).  The new chip embedded cards provide heightened security to card holders compared to the magnetic strip cards used currently in the US (Biersdofer, 2014).  Target also offered a year of free credit monitoring and identity theft protection to all customers who shopped in its US stores, as another way to rebuild trust (Isidore, 2014).

References:

Biersdorfer, J. (2014, June 9). The Shift to Safer Chip-and-PIN Credit Cards. The New York Times. Retrieved July 29, 2014, from http://www.nytimes.com/2014/06/06/technology/personaltech/the-shift-to-safer-chip-and-pin-credit-cards.html?_r=0

 

Isidore, C. (2014, January 11). Target: Hacking hit up to 110 million customers. CNNMoney. Retrieved July 29, 2014, from http://money.cnn.com/2014/01/10/news/companies/target-hacking/

 

Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014, March 13). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Bloomberg Business Week. Retrieved July 29, 2014, from http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

 

Wallace, G. (2013, December 23). Target credit card hack: What you need to know. CNNMoney. Retrieved July 29, 2014, from http://money.cnn.com/2013/12/22/news/companies/target-credit-card-hack/

IT Strategies for Transnational Organizations and Toyota Motor Corporation

The world is growing smaller every day.  With the technological innovations of the recent past, global and multi-domestic businesses have become increasingly easier to conduct.  These business strategies depend on corporate headquarters to manage operations and provide new processes, products, and ideas.  Transnational organizations, however, are at the forefront of these businesses, conducting their operations across countries, reaching all ends of the globe, all while depending less on centralized IS operations and independent IS units for subsidiaries.  These organizations rely on “integrated and cooperative worldwide hardware, software, and Internet-based architecture for [their] IT platform” (O’Brien, 2011).  With this innovation of transnational business, comes unique challenges, and transnational organizations must develop successful IT strategies to overcome them.  There are several IT strategies that transnational organizations employ to ensure success in the marketplace, and this analysis will look at some of those strategies and the ways Toyota Motor Corporation (Toyota) has implemented them as a transnational organization.

Toyata is a transnational organization that operates 51 production bases in 26 different countries and regions around the world (Toyota).  Although it is headquartered in Japan, the company stresses the importance of minimizing support that comes from the corporate headquarters in order for each of the overseas locations to become self-reliant (Toyota).  

Image from Toyota-Global.com

This has lead Toyota to implement many strategies to assist in its overall IT strategy.  One strategy in place at Toyota is accessing world markets and providing mass customization in them (O’Brien, 2011).  Transnational companies have the ability to connect with people all over the world, and in doing so need to be able to communicate with them.  Communication strategies and technological infrastructures provide companies with the ability to communicate with people in local markets in their native languages, while understanding local cultures and customs (Gelsomino, 2011).  This global research and development also gives the company the ability to customize its products and services to local markets, therefore expanding its customer base (Raisinghani).  Toyota has nine R&D bases around the world, and spends a lot of time and resources researching and developing not only the technical aspects of its products, but also the laws and regulations in countries where its products will be sold in order to customize them for those markets.  It also develops ways to customize a customer’s experience, such as offering a geographic search for a local market, which then caters to the language of that region (Toyota).  

Another IT strategy of transnational organizations is global customer service (O’Brien, 2011).  Beginning in 2003, Toyota built Global Production Centers (GPC) in an effort to establish “best practices” from all of its affiliates and ensure consistent personnel training.  These centers train personnel using visual manuals, including video and animation, which reduce the length of training time and ensure that all personnel have the same level of training and can be equally valuable in assisting customers.  These centers contribute to a well-integrated IT infrastructure that connects divisions of the company from all over the world.  The relationships of these divisions help improve customer service by increasing the resources available to the consumer base. (Toyota)

From Toyota-global.com –“Flags in the GPC of all the countries from which trainees come”

Global supply chain and logistics is another IT strategy employed by transnational organizations (O’Brien, 2011).  The use of the Internet, Extranet, and other networks, makes building relationships with suppliers easier and more efficient.  It also helps to simplify the logistics of moving supplies to designated locations.  It is not uncommon for transnational organizations to enter into strategic alliances with suppliers and other business partners to save time and resources and build specialized competencies that give the organization an advantage (Raisinghani).  Because not all decision making is centralized in transnational organizations, local branches of the company have the ability to form strategic alliances that benefit the entire company.  Toyota stresses the consistency of its products, but it also aims to make its various locations self-reliant (Toyota).  Because of this freedom, those locations have the opportunity to establish beneficial relationships with suppliers.

References:

Biggest transnational companies. (2010, July 29). The Economist. Retrieved July 15, 2014, from http://www.economist.com/node/16702193

Gelsomino, J. (2011, January 3). Transnational Companies: Keys to a Successful Globalization Strategy. Yahoo Contributor Network. Retrieved July 15, 2014, from http://voices.yahoo.com/transnational-companies-keys-successful-globalization-7454306.html?cat=15

Globalizing and Localizing Manufacturing. (n.d.). Toyota Global Site. Retrieved July 15, 2014, from http://www.toyota-global.com/company/vision_philosophy/globalizing_and_localizing_manufacturing/

O'Brien, J., & Marakas, G. (2011). Enterprise and Global Managment of Information Technology. Management Information Systems 10e (603). New York: McGraw-Hill/Irwin.

Raisinghani, M. (n.d.). Transnational Organization. Transnational Organization. Retrieved July 15, 2014, from http://www.referenceforbusiness.com/management/Tr-Z/Transnational-Organization.html

Role of the Global Production Center (GPC). (n.d.). Toyota Global Site. Retrieved July 15, 2014, from http://www.toyota-global.com/company/vision_philosophy/globalizing_and_localizing_manufacturing/role_of_the_global_production_center.html

Select Your Region. (n.d.). TOYOTA MOTOR CORPORATION GLOBAL WEBSITE. Retrieved July 15, 2014, from http://www.toyota-global.com/select_region/