Wednesday, May 6, 2020
Computer Security Breaches and Hacking In Organizations
Question: Discuss about the Computer Security Breaches and Hacking In Organizations. Answer: Introduction Kaspersky Lab Computer Security Breaches In recent times the cyber security environment has grown due to events originating from cyber hacking attacks focused towards organizations data. Many organizations are currently taking precautions to prevent their valuable data from these attacks (Ritter, Wright, Casey Mitchell, 2015). Cyber-attacks have huge economic implications to organizations. Example of a computer security breaches that occurred was that of the Russian firm Kaspersky lab in October 2015. The firm is well known maker of antivirus software useful in protecting computer systems from virus attacks. The management reported that the security breach was directed to their network and was believed to have been caused by the company agents (Schou Hernandez, 2014). The aim of the attack was to gain access to company information that covers customer details and gather data relating to company new technologies and services. How the attack worked it included agents who got access to the company data storing unit that was managed and controlled by independent agency providing password management services Lass Pass. Many reported that it was an example of security firms being knocked around (Streeter, 2015). The case could have had the worst implication to Kaspersky because customers could have lost their confidence towards the security firm products. A company that was supposed to secure their data had failed. The Kaspersky management was able to identify the security breach before it had created any risks. The technical team was able to detect intruders in their servers and blocked them. Data information for customers was secured during that period of incursion. Security passwords were immediately changed and synchronized to the system. The management also integrated the attack to be part of its monitoring system. The management of Kaspersky was amazed with the breach of security because the company works under a licensing agreement and continuously works to develop new tools that can counter emerging attacks. They also reported that the attackers had suffered after losing expensive technology which they had developed for several years (Stroz, 2013). The company since has employed a new solution review that involves planning and assessments. The company manufactures examples of breaches and risks that might occur to a computer system and look for solutions for them. New methods and software tools are developed in order to have a forward solution to its customers. A cyber security insurance fund was created by the company to cover legal implications of security breaches on personal data and software failure (Schou Hernandez, 2014). They have established a discovery recovery system to help in forensic and quick response to cases of computer security breaches. Although much didnt happen in this case but it was a learning lesson that all organizations can be susceptible to computer security related risks and ensuring privilege protection is done (Streeter, 2015). JP Morgan Chase hacking Case (2015) The increase in IT use in many organizations resulted to explosion of internet users and high rate of cyber-crime. Cyber-crime related activities have become the greatest threat to billions of internet users and firms connected to the network. Organizations are losing millions of dollars and valuable data from cyber related crimes (Krausz, 2014). Example of a massive data breaches cyber-crime ever to have occurred in the United States was that of JP Morgan Chase hacking case of 2015. The company is one of the world leading banks that control a huge asset base and customer base. Federal authorities reported that in 2015 the JP Morgan Chase bank was hacked and the attackers gained accessed to 80 million customer accounts and 7 million small million business accounts details. Although no money was stolen the attackers gained accessed to valuable information containing customer personal details. The attackers were planning to use the data to start their own business brokerage business. The implication of getting access to such data was severe because it exposed customers to several risks from the attackers (Schou Hernandez, 2014). No explanations were fully given on how the hackers were able to carry out the attack. But several computer security analysts explained that the attackers were able to break into the banks computer server and disassociated the security passwords. That allowed them to get accessed to customer personal contact informations available within the computer main server master folder. They were not able to obtain security details of credit cards and debit cards which were unavailable in the system. The customer data collected was still useful to the attackers for they were used in pump and dump stock manipulation schemes. The personal information of targeted clients were used by the attackers to persuade them buy stock from fraudulent stock exchange market, and later existing from the scheme after receiving payments. The manipulative business generated millions of payday to them (Stroz, 2013). The federal authorities reported that out of four attackers only three were prosecuted for unauthorized access to computers, theft and other counts. The main actor was not found and that could pose more computer security risks to organizations. There were several recommendations that computer security analysts argued that JP Morgan Chase management could have done to prevent the hacking case. They should have added a verification protocol in addition to the security passwords to only allow a specified number of persons to the data (Easttom, 2016). Secondly they should have adopted a cloud based solution by contracting two independent agencies for hosting their data and a provider of password management service agency to keep custody of password security details. In addition the banks own management could have enhanced its data security by employing encryption to its master folder and using password reminder phases that could have mitigated the computer security risk (Krausz, 2014). References Ablon, L., Libicki, M. C., Golay, A. A. (2014). Markets for cybercrime tools and stolen data: Hackers' bazaar. Rand Corporation Retrieved on 12/04/2017 from: https://scholar.google.com/scholar?q=types+of+computer+security+breaches+and+hacksbtnG=hl=enas_sdt=0%2C5as_ylo=2013 Easttom II, W. C. (2016). Computer security fundamentals. Pearson IT Certification. Retrieved on 12/04/2017 from: https://scholar.google.com/scholar?as_ylo=2013q=computer+security+breacheshl=enas_sdt=0,5 Krausz, M. (2014). What is a breach? In Managing Information Security Breaches: Studies from real life (pp. 54-64). IT Governance Publishing. Retrieved on 13/04/2017 from: https://www.jstor.org/stable/j.ctt14tqch6.10 Krausz, M. (2014). General avoidance and mitigation strategies. In Managing Information Security Breaches: Studies from real life (pp. 65-109). IT Governance Publishing. Retrieved 0n 12/04/2017 from: https://www.jstor.org/stable/j.ctt14tqch6.11 Ritter, A., Wright, E., Casey, W., Mitchell, T. (2015, May). Weakly supervised extraction of computer security events from twitter. In Proceedings of the 24th International Conference on World Wide Web (pp. 896-905). ACM. Retrieved on 13/04/2017 from: https://scholar.google.com/scholar?as_ylo=2013q=computer+security+breacheshl=enas_sdt=0,5 Schou, C., Hernandez, S. (2014). Information Assurance Handbook: Effective Computer Security and Risk Management Strategies. McGraw-Hill Education Group Retrieved on 12/04/2017 from: https://scholar.google.com/scholar?as_ylo=2013q=computer+security+breacheshl=enas_sdt=0,5 Streeter, D. C. (2015). The Effect of Human Error on Modern Security Breaches. Strategic Informer: Student Publication of the Strategic Intelligence Society, 1(3), 2. Retrieved on 12/04/2017 from: https://scholar.google.com/scholar?start=10q=computer+security+breacheshl=enas_sdt=0,5as_ylo=2013 Stroz, E. (2013). Computer Crime Incidents and Responses in the Private Sector. In Hsu D. Marinucci D. (Eds.), Advances in Cyber Security: Technology, Operations, and Experiences (pp. 200-206). Fordham University Press. Retrieved on 13/04/2017 from: https://www.jstor.org/stable/j.ctt13x07xx.16
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.