INFO5301 Introduction to Information Security Management
Questions:
Task
Part A:
Search the web for news on computer security breaches that occurred during September-December 2015. Research one such reported incident. Prepare a report focusing on what the problem was, how and why it occurred and what are the possible solutions.
Part B:
Research any popular hack case on the web that happened between 2012 and 2016 (for example, one very popular hack case is the JPMorgan Chase hack case (2015)) and prepare a report focusing on the following questions:
• What was the problem?
• Who were affected and how?
• How was the attack carried out?
• What could have been done to prevent the attack?
Answers:
Introduction
Computer security breaches are very common nowadays. People and companies all over the world suffer from them. A breach is the illegal extraction of information by some anonymous hacker or attacker. Information breaches can affect private as well as government organizations that use the internet as any part of their plans (Billies 2016). In these incidents, confidential and sensitive data is copied, stolen or transmitted by unauthorized individuals.
This report focuses on two important security breaches: one that took place between September and December 2015, and one that happened between 2012 and 2016. The first breach examined is the “Scottrade” attack, and the second hack described in the report is the “Yahoo data breach”. The report also highlights the security measures that Yahoo and Scottrade could have taken to prevent the hacks from taking place. For a better understanding of the problems and situations, the report is divided into sections explaining the topics in detail.
Part A
Background of the problem
Around 4.6 million people connected with the organization were affected by the breach. The customers of “Scottrade” who enrolled in the organization before February 2014 were affected by the hack (Thompson 2017). The breach was massive, as the hackers succeeded in hacking such a big organization despite the various security measures it had taken. The hackers managed to get various customer details such as the security number and emails. The attackers illegally gained access to the company's huge database, which resulted in the hack. The names and physical addresses of the customers were stolen by the hackers and misused (Groshoff 2016). The organization had no clue of the hack, as it was confident about its security system. The FBI informed the organization about the hack, and a huge breach came to light. The company suffered a huge loss of data due to the breach.
How and why did the problem occur
There are several ways by which hackers can gain access to a company's website. Server scanning, Wi-Fi vulnerability, social engineering and phishing could have been the reason behind the website being hacked. Malicious emails were the main reason behind this attack. The attackers sent malicious emails to get to the employees. This act of obtaining unauthorized data by sending malicious emails is known as phishing (Vorbrodt 2016). The hackers sent spam emails to the employees of the company to get the data. Active employees of the company received the emails, and as soon as they clicked on a mail to explore it, all the important data was transferred to the hackers' mail and the hackers gained access to the employees' computers. Even though the company had encrypted the passwords and information of its clients, the hackers gained access to the data, and thus they hacked the customers' accounts and stole the information.
Ways which could have prevented the hack
There were various ways by which the organization could have prevented the hack. The safety measures that the firm could have taken to safeguard user information are:
- Employees should not have been allowed to share information with anyone. The employees of the firm could have been given proper training on phishing attacks and the various ways to prevent them (Hovav and Gray 2014). The organization should have strictly forbidden employees from sharing clients' personal information with any outsider. This could have been done to keep client information confidential.
- The company could have used a more appropriate guard against spam and other malicious emails. Proper filters could have been set on the employees' accounts so that no malicious email would be able to steal information from their computers.
- The confidential and sensitive information of clients should not have been shared with anyone except the trusted employees of the company (Lim et al. 2014). In this way the breach of data through phishing could have been prevented.
- New employees of the corporation should have been given proper training on phishing and other attacks. New employees are the ones most likely to fall into the hackers' trap. Thus, new employees should have been trained properly not to share confidential information with any outsider. They should have been told about the importance of this data for the company's brand image and other factors.
These were the ways by which “Scottrade” could have prevented the attack from taking place.
Part B
Background of the problem
Yahoo is one of the largest search engines in the world. The internet service provider company had to suffer many breaches in the year 2016. The breach occurred two times. The first breach announced by the company occurred in late 2014. Around 500 million people were affected by it. The other recorded breach occurred around August 2013 and was reported in December 2016. Around 1 billion Yahoo users were affected by that breach. Together, the two Yahoo breaches are considered the largest breach in the history of the internet. Hackers stole several details of the users, such as their email addresses, telephone numbers, dates of birth, unencrypted and encrypted security questions, and encrypted passwords (Chen et al. 2016). Customers from all over the world criticized the brand for announcing the breaches so late. The brand had to face several lawsuits because of the breach. The customers lost their confidential data. According to Yahoo, the breach that occurred in 2014 was carried out by a “state-sponsored actor”, and the firm has also claimed that these types of thefts have become common.
What was the problem
The well-known and renowned search engine Yahoo, the parent company of several other sites such as Twitter and Oracle, was hacked two times by Russian hackers. The first breach occurred in the year 2014 but was reported in the year 2016. Many of the brand's customers were affected by the two breaches (Trautman and Ormerod 2016). The hackers stole sensitive information of Yahoo customers, and the major targets of the hack were U.S. government officials, journalists from Russia and other employees from several offices. According to the brand, the breaches were interrelated, as they were state sponsored. The breach which occurred in 2013 was tied to forged cookies, which allowed the hackers to access users' accounts without any passwords. In this way the hackers stole sensitive information from the accounts of employees and various government officials. The major factor of the breach was the scale at which the hack took place. The database security of the organization was affected heavily, as the hackers stole the information from the site's database. The firm had to pay several fines for the reported data breach and faced various lawsuits. A company named Verizon agreed that it had been in the process of buying the online business of Yahoo for a few days.
Who were affected and how
The customers targeted by the hackers in the breach were U.S. government officials, journalists from Russia and other employees from several offices. These people lost all the data from their mail and other accounts. The data also included some confidential information regarding government strategies and other factors. Yahoo's customers suffered a huge loss of their data and other essential information. This loss could have a severe effect on the country as well if the information were taken by some terrorist organization. The government officials were affected heavily, as their accounts contained essential and sensitive information related to government policies, whose loss caused great harm to their firms and other organizations.
The other party affected heavily by the breach was the brand itself, as it suffered heavy damage to its brand image and other factors. Several lawsuits were filed against the company, which had a very poor impact on the brand. The company had to face several charges and a government investigation lasting several days, and thus suffered a massive decline. The company went through financial loss as well, because several penalties were imposed on it for the loss that the government and other officials had to face.
Thus, the breach posed a very ill impact on both the customers as well as the brand.
How was the attack carried out
The hackers first made their way into the brand's network and remained there for numerous months. Their foothold in the company's network helped them get to the technological skeleton keys, which helped them unlock many of the user accounts at Yahoo. Hence, through this, many Yahoo accounts came under the control of the hackers (Manworren, Letwat and Daily 2016). The hackers had strengthened their roots in the organization's network, and this allowed them to steal the personal information of users, which they used to break into the accounts of other users.
The hackers got access to the backup of Yahoo's database, and they reset passwords to gain entry to users' accounts.
What could have been done to prevent the attack
- Users should not have reused old passwords.
- Users should have been encouraged to use a combination of upper and lower case in their passwords.
- Users should have been encouraged to use two-factor authentication, as it would send a code to verify the user's login (Baskerville, Spagnoletti and Kim 2014).
Conclusion
Hence, from the above discussion it can be concluded that both attacks had a huge impact on the customers as well as the brands. Employees should not have been allowed to share information with anyone. The employees of the firm could have been given proper training on phishing attacks and the various ways to prevent them. The company could have used a more appropriate guard against spam and other malicious emails. Proper filters could have been set on the employees' accounts so that no malicious email would be able to steal information from their computers.
References
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & management, 51(1), pp.138-151.
Billies, R., 2016. Passphrases Are Better.
Chen, Y., Dong, F., Chen, H. and Xu, L., 2016, August. Can Cross-Listing Mitigate the Impact of an Information Security Breach Announcement on a Firm's Values?. In IOP Conference Series: Materials Science and Engineering (Vol. 142, No. 1, p. 012133). IOP Publishing.
Groshoff, D., 2016. Moore's Law versus Man's Law: How Cybersecurity and Cyber Terror Government Policies May Help or Hurt Entrepreneurial Startups. Chap. L. Rev., 19, p.373.
Hovav, A. and Gray, P., 2014. The ripple effect of an information security breach event: a stakeholder analysis. Communications of the Association for Information Systems, 34(50), pp.893-912.
Lim, I.K., Kim, Y.H., Lee, J.G., Lee, J.P., Nam-Gung, H. and Lee, J.K., 2014, June. The Analysis and Countermeasures on Security Breach of Bitcoin. In International Conference on Computational Science and Its Applications (pp. 720-732). Springer International Publishing.
Manworren, N., Letwat, J. and Daily, O., 2016. Why you should care about the Target data breach. Business Horizons, 59(3), pp.257-266.
Schneier, B., 2013. Carry on: Sound advice from Schneier on security. John Wiley & Sons.
Thompson, G.F., 2017. Time, trading and algorithms in financial sector security. New Political Economy, 22(1), pp.1-11.
Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach.
Vorbrodt, A.R., 2016. Clapper Dethroned: Imminent Injury and Standing for Data Breach Lawsuits in Light of Ashley Madison. Wash. & Lee L. Rev. Online, 73, p.61.
Wang, W., 2016. A LEARNING MODULE FOR ADVANCED CRYPTOLOGY. Issues in Information Systems, 17(4).