Unit 5 Blog - Target: A Security Breach Nightmare

Unit 5 Blog - Target: A Security Breach Nightmare

By

Lauren Camper

Benjamin Crump

Ryan Goodman

            A security breach is something that we all try not to think about. We put sensitive information in our cell phones and hope that nobody can hack into them and steal the information. We purchase items online with our credit cards while hoping that our personal information is safe. Everybody knows that there is a risk involved when using personal information on any internet-connected device. The same does not hold true, however, for brick and mortar purchases. Over the last several years, it has been a rare occasion that I have thought about the possibility of having my personal information stolen subsequent to a purchase at a brick and mortar store such as Target. Even if it does become something that we think about on a regular basis, there really is nothing that can be done, as a consumer, to prevent such risk except to pay for everything with cash. As cash seems to be a dying part of the past, a sudden resurgence in cash purchases seems unlikely. The reality that we face now is that our information is always at risk, we just need to be prepared in case our information is stolen. If you shopped at target in December of 2013, then your credit card information might have been stolen by hackers who gained entry into Target's information systems. According to Target's own website, up to 70 million individuals' personal information may have been stolen ("Payment Card Issue FAQ", n.d.).

            In early December 2013, hackers somehow managed to install a form of malware in Target's network. Unfortunately, this opened a hole that the hackers were able to exploit so that they could steal private customer information ranging from credit card information to addresses and other personal information ("Payment Card Issue FAQ", n.d.). According to an article in Businessweek, the Department of Justice informed Target about the breach in mid December (Riley, 2014). Target immediately began work to seal the breach and determine the extent of the damage. They had just installed a new malware detection software called FireEye a short time before the breach occurred. Apparently, the system raised alarms, but they fell on deaf ears; these alerts were missed by Target's information security team (Riley, 2014). The result of the breach was a 46% drop in 4th quarter profits year-over-year (Krebson Security, 2014). Consumer confidence took a nosedive specifically relating to Target. Within 6 months of the breach, both the CIO and the CEO were ousted. This video on Bloomberg highlights the fallout from the Target data breach Video - Target Data Breach Fallout.

            When evaluating the issues involved with the Target data breach, it is helpful to look at McCumber's Cube Framework, as shown below.

Source: http://en.wikipedia.org/wiki/McCumber_cube

            The cube gives us a theoretical framework from which to evaluate Target's data breach in terms of what went wrong and how to potentially correct it in the future. It is apparent that Target didn’t have policies or practices in place to monitor alerts from their brand new FireEye Malware protection program. Target didn’t have enough awareness, education, and training as it pertained to their executives and senior management regarding cyber security. In terms of what they did correctly, Target appropriately used and invested in the technology necessary to detect the attacks, FireEye. As for the critical characteristics of the data that was stolen, McCumber would classify the Target breach as an issue of confidentiality. Target was not able to keep the data confidential despite the trust that consumers placed in them. This framework highlights the need for Target to institute specific monitoring policies and practices regarding the FireEye Malware protection program as well as the need for intense training, education and awareness as it relates to all members of the company, especially senior management.

            Cyber-security is everyone’s issue. All levels of senior management should be concerned with cyber-security. Target’s CIO and CEO are both no longer with Target as a direct result of the data breach. According to an article by CNBC, a study done by a cyber-security firm indicates that only 45% of senior management acknowledged that they are responsible for protecting against cyber-attacks (Schlesinger, 2014). This is clearly an unacceptable statistic. As senior managers (executives), everything that happens to the firm or as a result of the firm's actions is their responsibility. It is unfortunately that the majority of senior managers do not feel this way. This points back to McCumber's cube framework and the need for education, awareness, and training, especially at the senior management level.

            Target has been attempting to do all they can in order to regain the confidence of the general public. Unfortunately, as with any breach in trust, this will take time. I am still hesitant to shop at Target because of this, even though that might not be a rational fear. As time moves on, Target will need to find ways to assure the public that their personal information is safe. They have begun to take steps towards that goal by putting a rush on their chip-enabled technology rollout to their stores ("Payment Card Issue FAQ", n.d.). This may or may not help protect customer information in the future, but it certainly helps to foster the public perception that personal data is being held safely and confidentially. Perhaps actual protection is not as important as the perception of protection, as is the case with the safety of our country. We are never truly safe from terrorist attacks, just as we are never truly safe from attacks on our information. As consumers, and as business managers, we need to take all possible steps in order to minimize the impact should a breach of information occur. Preparation could save us all a lot of time and money.

Sources:

Krebson Security. (2014, May 14). Krebs on Security RSS. Retrieved July 19, 2014, from             http://krebsonsecurity.com/2014/05/the-target-breach-by-the-numbers/

Payment Card Issue FAQ. (n.d.). payment card issue FAQ. Retrieved July 19, 2014, from             https://corporate.target.com/about/shopping-experience/payment-card-issue-FAQ#q5888

Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014, March 13). Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It. Bloomberg Business Week. Retrieved July 19, 2014, from http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

Schlesinger, J. (2014, May 11). Painful lessons from Target's massive data breach.CNBC.com.      Retrieved July 19, 2014, from http://www.cnbc.com/id/101650707#

Target's Data Breach: What Went Wrong?: Video. (2014, June 3). Bloomberg.com. Retrieved July 19, 2014, from http://www.bloomberg.com/video/target-s-data-breach-what-went-wrong-lRqQ2owdQsal8Wok1eYbpw.html

Unit 4- Transnational IT Business Strategies

 

 

 By

Lauren Camper

Benjamin Crump

Ryan Goodman

Transnational organizations are businesses that operate in multiple countries. Their business strategies, from an IT perspective, are unique in that they combine global configuration with local responsiveness (Linton, 2014). Centralized information systems are vital components of the transnational strategy (Linton, 2014). “Transnational IT operations enable an organization to deliver consistent information services to all locations and support high levels of collaboration, while allowing individual locations the flexibility to adapt to their local market conditions (Linton, 2014).” With any IT business strategy, there are pros and cons associated with its implementation. This blog post will detail the pluses and minuses of IT business strategies with transnational organizations as well as examine a real world case in which IKEA successfully implemented their transnational IT business strategies.

Transnational IT business strategies can come in several forms including global e-commerce, global supply chain and business continuity (to name a few) (Linton, 2014). Some of the informational technologies that enable businesses to succeed globally are web based applications, internet and extranet connectivity, and the ability to communicate in the local market place (Basu, 2014). Management of the implementation of the IT business strategies is important to ensure that the business goals are in line with the strategic IT goals.

There are many advantages to transnational IT business strategies such as:

-        They provide flexible operations in terms of business hours, service language and market reach. By operating in multiple time zones, business are able to provide customer service around the clock. Additionally, they are able to tailor their websites or business information to the local language or enable customers to select the language they would prefer. Lastly transnational companies are able to reach various markets by having a global presence (Marulanda, 2010).

-        There is potential for lower cost structures, being that the business operates in another nation that may have access to resources more affordably (Marulanda, 2010).

-        Business continuity is heightened. If a disaster were to occur in one location, the local company can recover its data from back-ups at other centers via the global network (Marulanda, 2010).

-        Collaboration is simplified which enables companies to “draw on expertise around the world (Marulanda, 2010).”

-        Supply chain management via transnational IT strategies enables businesses to connect with vendors and suppliers across secure networks. It enables businesses to tap into global networked resources; particularly in the time of a supply chain crisis (Marulanda, 2010). 

Adversely, if poorly managed, transnational IT strategies can negatively impact a business in the following ways:

-        Not every country has access to technological infrastructures which can severely impact a company (Marulanda, 2010).

-        Slow communication connections can be damaging to a business in terms of response times (Marulanda, 2010).

-        Unstable political environments can impact an organizations ability to conduct business or implement the technological strategies they wish to implement (Marulanda, 2010).

-        The technical capabilities of local employees may not be to the standard that the organization is accustomed, which can impact the ability to implement the appropriate technological needs (Marulanda, 2010).

IKEA is one of several successful transnational organizations that has implemented a successful IT business strategy. This Swedish based company is the largest furniture retailer in the world (Lu, 2014). Founded in 1943, the company is known for its easy to assemble furniture; sold at affordable prices (Lu, 2014). IKEA has over 9,500 products per store and operates in 37 countries (Lu, 2014). One of the many reasons this business is so successful is because of its supply chain strategy. IKEA stores mirror a warehouse layout. Each store has a logistics manager who is responsible for inventory replenishment. The replenishment system is based off of systemic calculations of consumer demand (Lu, 2014). They use a “minimum/maximum settings” system, developed by IKEA, to appropriately address inventory levels on a daily basis (Lu 2014). The company also uses automatic retrieval and storage systems which drive down their cost-per-touch (the number of times a customer touches a product- more touches equals more costs associated with the product) (Lu, 2014). In addition, IKEA has a robust online ordering system that is multifunctional for both customers and suppliers. The internet based site is segregated by country and displays various products, descriptions, and product availability. They also have a separate supplier’s link that enables suppliers to connect with the organization. Lastly, IKEA is widely known for its massive catalog that is produced annually. Ikea believes the shopping experience starts and ends at home, therefore they have created an interactive function for consumers to begin their shopping experience at home; not only from their computers but from their mobile devices. In 2013 IKEA created an interactive catalog which allows customers to use their mobile devices to scan catalog products and virtually place them in their homes to see how products will look in their personal spaces. This application enables customers to visualize furniture before purchasing it. Check out the video below for a first look at the interactive catalog.

 

 

Transnational IT business strategies are an important component for businesses. If managed and implemented correctly, they have the potential to heighten communication for customers, increase infrastructure, increase supply chain management and enhance flexibility. Mismanagement of these strategies can have the adverse effect on the organization. IKEA is one of several transnational organizations that has been able to sustain its global position because of it’s successfully supply chain management across the world, e-commerce efforts, and mobile application enhancements. Businesses should strongly consider doing their research before implementing a new IT business strategy for their transnational organization to optimize its potential for success.

 

Sources

Linton, Ian (2014). Transnational IT Operations as a Strategy. Retrieved from http://yourbusiness.azcentral.com/transnational-operations-strategy-4238.html

 

Basu, Chirantan (2014). What is a Transnational Business Strategy? Retrieved from http://smallbusiness.chron.com/transnational-business-strategy-20950.html

 

Marulanda, Jaime (2010). Transnational Operations. Retrieved from http://www.thecompanyofthefuture.com/post/Transnational-Operations.aspx

Lu, Clara (2014). Ikea’s Inventory Management Strategy:  How does Ikea do it? Retrieved from http://blog.tradegecko.com/ikeas-inventory-management-strategy-ikea/

 

Unit 3 Blog Post- E Business Systems

Unit 3 Blog – E Business Systems

By

Lauren Camper

Benjamin Crump

Ryan Goodman

E-business systems are an integral component for many businesses today. Organizations strategically implement e-business systems to effectively compete in local and global business. E-business systems include the use of networks, information technology, and the internet in various aspects of the business, both inside and outside of the organization (O’Brien & Marakas, 2011). They have the potential to heighten operational efficiency and strategic positions for businesses but if implemented incorrectly, they can have the opposite effect.

 Intel, one of the world’s largest computing technology companies, implemented an e-business strategy in 1997 in an effort to remain competitive with businesses such as IBM, Texas Instruments, and Dell Computers (Phan, 2003). At the time, Intel had over $25 billion in annual sales and was a global organization (Phan, 2003). Their goal was to increase efficiency by automating its business to business processes. In order to gain competitive advantage, one of their goals was to create an online ordering system. This would enable customers to be able to order products from anywhere and at any time. Intel also created an extranet to support customers and business partners; that was made available only to those authorized individuals (Phan, 2003). From an internal perspective, the company implemented an online benefits application, information sharing, time and expense reporting and web based financial planning (Phan, 2003). 

Operating efficiency is a contributing factor to sustaining competitive advantage. Intel increased their operating efficiency by creating an online presence that allowed customers to be “in the know” about everything related to Intel from products to company news; all at the click of a mouse. They transitioned customers from being phone/fax based to being online based (Phan, 2003). Additionally, customers were now able to create profiles online thereby tailoring their online experience to meet their exact needs in terms of products and applications (Phan, 2003). Lastly, account managers were able to securely send confidential information to customers whereas they previously would have had to spend time hand delivering the information (Phan, 2003). The table below depicts the E-business applications implemented by Intel (Phan, 2003).

While E-business systems can help create operating efficiencies they can also create problems and challenges. With any technological implementation, organizations have to ensure that information is secure, complete, and accurate (O’Brien & Marakas, 2011). For instance, a retail business that implements a new transaction system will want to ensure that the transaction information is complete and all information is transferred to the sales system accurately. In terms of e-commerce, businesses will want to ensure their customer information is secure from being intercepted. Intel faced some of these challenges with the deployment of their new e-business system. For instance, customer transactions were secured by Secure Socket Layer (SSL) encryption (Phan, 2003). This was legal in the United States but not for encryption technology worldwide. Intel encouraged their global customers to use a third party encryption that was comparable to SSL to protect their information online (Phan, 2003). Additionally Intel was using, amongst others, Microsoft Windows Operating Systems. At the time, this system was heavily susceptible to hacking. To avoid security breaches, Intel conducted its e-commerce mainly on virtual private networks to reduce the security risks (Phan, 2003).

 

E-business systems are an important tool for businesses today. They enable companies to achieve a competitive advantage over other organizations by building efficiencies internally and externally. From an internal perspective, e-business systems provide potential for efficiency improvements when producing goods, sharing information, and communicating amongst employees. From an external perspective, they have the ability to increase customer satisfaction with efficiency improvements with transactions, faster shipping times, and the ability to view company information online. Adversely there are disadvantages to consider as well. Businesses must be aware of application security and continuously monitor the systems in place to ensure it is operating effectively. Overall, the implementation of e-business systems has the ability to truly enhance an organization in the local and global market place as long as they are researched and implemented appropriately.

  

Sources

Phan, Dien (2003). E-business development for competitive advantages: A case study. Retrieved from http://staffweb.hkbu.edu.hk/vwschow/Case-study.pdf

 

(2014) Intel Facts. Retrieved from http://www.intel.com/content/www/us/en/company-overview/company-facts.html

 

O’Brien, James, & Marakas, George M. (2011). Management Information Systems. McGraw-Hill Irwin. Pgs. 272-283

 

Unit 1 Blog - Retail Industry

Unit 1 Blog - Retail Industry

By

Lauren Camper

Benjamin Crump

Ryan Goodman

            The material covered in this unit provided an excellent overview and background of why MIS is important and how it pertains to competition in business. Many industries, such as the financial industry mentioned in the real word case, are heavily dependent on a small competitive edge that can be gained by top-notch information technology. The retail industry is a perfect example of an industry that is dominated by several large players who constantly duke it out for any small competitive advantage. At the present time, many retail businesses are competing for their share of the e-Commerce business. Consumers continue to migrate towards online shopping, as evidenced by Amazon's efforts to create and perfect the experience of online grocery shopping (“Amazon Expands Grocery Business”).  In particular we want to examine the barriers to commerce for a particular company, Ross Stores, Inc.

            Ross is one of the leaders in the off-price retail space, along with TJX companies (TJ MAXX, HomeGoods, etc.) (Yahoo! Finance). The main competitive force that they both face is the rivalry of competitors in the industry. Ross and TJX are the two largest players in the off-price retail space. TJX is much larger by store count and market capitalization than Ross, but Ross is steadily growing year over year. They make their living off of closeout merchandise from brand name manufacturers that Ross is able to sell at deeply discounted prices. At the present time, and for the near future, Ross is confined to brick and mortar locations. Unfortunately, TJX has won the race for e-Commerce against Ross. TJX has a functional website where consumers can purchase clothing and other items. The race to e-Commerce was a huge factor in their rivalry that Ross lost. On the other hand, Ross is still able to remain a large player due to their cost leadership strategy. Both of Ross' brands, Ross Dress for Less and dd's Discounts, offer lower average prices than TJX. Ross is content with that strategy for now, and there are many reasons for this, most significantly are the three main barriers to e-Commerce for off-price retailers:

• ·         A competitive, elegant, user-friendly e-Commerce environment/website

(TJMAXX.com)

• ·         Powerful security protection features to safeguard consumers' information
• ·         Dedicated warehousing space for e-Commerce sales for storing, picking, and shipping products that consumers order. This warehouse would have to be accompanied by a new software package specifically designed for e-Commerce warehousing to communicate with the web environment as well as the already-in-place warehouse management system for brick and mortar distribution.

            A competitive, elegant, and user-friendly website is essential to the success of any e-Commerce business. Unfortunately, this quality of website does not come cheap, nor does it appear out of thin air. IT must hire a web development team that can design and implement a website that adheres to a high level of standards regarding usability, not to mention security. As the U.S. has recently witnessed, hacking customer information at a large retail chain, Target, has resulted in a loss of consumer confidence and the loss of several key executives' jobs (“Millions of Target Customers…”). As this video below highlights, the CEO even lost his job over the breach (“Target CEO Loses Job After Security Breach”). Video - Target CEO Loses Job

            Finally, retailers must obtain a dedicated warehousing space for the e-Commerce merchandise. This warehouse would have to be equipped with material handling equipment specifically designed for e-Commerce warehouses. Additionally, a new software package would have to either be created or purchased that would be able to manage the inventory of the warehouse as well as communicate with all other existing warehousing software that the retailer has in place. Ross' IT department would certainly be tasked with handling this, but it would require a massive project to research currently available industry software, assess the viability of designing the software in house, developing a recommendation, presenting the recommendation to management, and implementing the designated course of action. All of that would require large amounts of time and money.

            One system that might be attractive to a retailer such as Ross looking to get into the e- Commerce space is a system called Magento. Magento is enterprise level e-Commerce software that could provide a number of features that are attractive to Ross for various reasons (Magento.com). Obviously, this is just one of many potential options that the IT department would explore and assess. IT would want to know several things: what does it cost, what features does it offer, how compatible is it with current warehouse management system, and how reliable is it (e.g. what other industry leaders use this software). Learning the answers to these questions would help IT assess the viability of the various software packages available.

            Ross has chosen to compete as a low cost leader rather than trying to match TJX step for step with e-Commerce. For the time being, this strategy has been successful. With the way the future is looking now, though, consumers' lust for "I want it now and don't want to leave my house" will likely overtake the brick and mortar low cost strategy at some point. For Ross, however, the benefit of their current strategy is that they don't have to devote significant IT resources to creating and maintaining all of the previously discussed requirements that come alongside an e-Commerce business such as the website and warehouse software. TJX is likely spending large sums of money on those items. As for the downside, there is a chance that Ross could get left behind with all of the other brick-and-mortar-only stores. All companies, large and small, should closely evaluate their long term competitive strategy and see how e-Commerce should or should not play a role in it.

References

"Amazon Expands Grocery Business."The Wall Street Journal. Dow Jones & Company, n.d. Web. 9 June 2014. <http://online.wsj.com/news/articles/SB10001424127887324798904578526820771744676>.

"Ecommerce Software & Ecommerce Platform Solutions." Magento. N.p., n.d. Web. 9 June 2014. <http://magento.com/>.

"Millions of Target customers' credit, debit card accounts may be hit by data breach - NBC News." NBC News. N.p., n.d. Web. 6 June 2014. <http://www.nbcnews.com/business/consumer/millions-target-customers-credit-debit-card-accounts-may-be-hit-f2D11775203>.

"Ross Store Photo." Ross Store Photo. N.p., n.d. Web. 8 June 2014. <http://media.progressivebusinessmedia.com/photo/341/341687-Ross_Store_photo.JPG>.

"Target CEO Loses Job After Security Breach." ABC News. ABC News Network, n.d. Web. 9 June 2014. <http://abcnews.go.com/Business/video/big-number-target-ceo-loses-job-security-breach-23588889>.

"T.J.Maxx - designer brands at T.J. prices™." T.J.Maxx. N.p., n.d. Web. 9 June 2014. <http://tjmaxx.tjx.com/store/index.jsp>.

"Yahoo Finance - Business Finance, Stock Market, Quotes, News." Yahoo Finance. N.p., n.d. Web. 8 June 2014. <http://finance.yahoo.com/>.