BreachExchange mailing list archives

Target's lost opportunity to say it's sorry


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 26 Mar 2014 18:57:38 -0600

http://finance.yahoo.com/blogs/breakout/target-s-lost-opportunity-to-say-it-s-sorry-151302621.html

Given every opportunity to apologize for a malware attack last year, Target
(TGT) continues to hide behind technical verbiage and bloodless excuses.
The strategy might be legally satisfying but it's destroying the company's
brand and alienating customers.

The company gets another chance to say it's sorry today when executives
testify before Congress about the malware attack that compromised the
financial and personal information of as many as 110 million customers. The
testimony comes a day after the Senate Committee on Commerce, Science, and
Transportation released "A 'Kill Chain' Analysis of the 2013 Target Data
Breach" that once again documented Target's failure to act on several
warnings.

Defenders argue that Target is already bending over backwards to appease
the angry masses. The malware was installed through a vendor and attacks
have happened at other major retailers. Objectively speaking, a 10% discount
the weekend before Christmas, cut-rate credit monitoring and throwing an
exec under the bus should have been more than enough.

The problem with that strategy is that shopping isn't objective. It's
emotional. Shoppers are furious at the entire retail industry and they're
taking it out on Target. When asked if they "really believe organizations
care about your private data," 72.5% of people surveyed by HyTech say 'No.'
Throwing an executive under the bus and offering a 10% discount isn't going
to convince shoppers that Target cares.

The genius of Target's business model is offering low prices with dignity.
People hate Walmart (WMT) in large part because the rundown stores are an
insult. Even people who can afford paying full price appreciate a deal.
Target stores are supposed to be clean, efficient and safe. Calling
customers "guests" seems ridiculous to some people but the idea is to
convey a certain respect for people who enter the store. Giving customers
10% discounts and cut-rate credit monitoring is insulting.

What Target needs to do is grovel. Once they take full responsibility for
the attack, the shock value of negative headlines disappears. It's not
enough to apologize. Target needs to strike a tone of abject contrition and
furious determination to never allow customers to be defiled this way
again. The company can make itself a story of redemption. If Target struck
just the right chord it could actually steal market share by swaying the
distrustful masses. Instead it's posing as just another bloodless,
lawyered-up conglomerate.

Shareholders, employees and, yes, "guests" deserve better.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/