Prepare a report outlining the problem, its causes and possible solutions.
Part B: 10 Marks
Do your research on any recent hack case that took place between 2012-2016 (e.g., the JPMorgan Chase hack case (2015)). Prepare a report with the following questions in mind:
What was the problem exactly?
Who was affected and how?
How was it carried out?
What could have prevented the attack?
This assessment task is based the following topics.
The following learning outcomes are aligned to the assessment task:
Students will receive a diploma upon completion of this subject.
Be able to justify security objectives and the importance maintaining a secure computing environment against cyber threats.
Learn how to explain the basics of cryptographic algorithms.
Be able examine malicious activities that might affect the security and justification of the selection of controls to minimize threats.
Compare and contrast security mechanisms used in a trusted operating environment with those used by a general-purpose operating system.
Computer Security Breaches
Excellus BlueCross BlueShield was a prominent health care organization that was subject to a serious security breach in 2015.
The breach was reported to have taken place in 2013, according to the article.
It was remarkable that this breach was not noticed.
Excellus confirmed that Excellus had been breached on the 5th of August and claimed that an attacker gained unauthorized access to their database.
Analysis of The Crisis
Cybersecurity is the loss of sensitive, confidential and protected data.
This could be due to hacking or theft of data.
Excellus had to deal with a similar hacking incident a year ago. Excellus’ data was being hacked over the past year (Schorr (2015)).
The corporation emphasizes personal information of individuals and took serious steps to protect themselves from any future threats.
To avoid such breaches, the corporation has been working on developing an IT system.
Healthcare has been the most targeted sector in recent years.
Although the company has not yet revealed the exact details of the breach, it is not clear how it occurred and why it took so long to be noticed.
These data included the names of people, security numbers, birth dates, telephone numbers as well financial account information, addresses, and identification numbers.
All information that is very important and must be kept safe was lost.
The company was among the many companies affected by security breaches, including JP Morgan, Sony, Windows, and JP Morgan. (Karyda & Mitrou 2016).
According to officials, the current security infrastructure should be strengthened with tools that would block hackers in time. The breach could be stopped immediately and data could made more secure.
While it is possible to analyze the causes of these threats, there is no way to prove that they actually occurred.
This attack could be caused by weak security measures or vulnerable passwords.
The company may have a weaker authorization system or not having the right accessing system.
The non-encryption or theft of Personal Identity Information (PII), could be the reason for the malicious attacks (Kim, & Solomon 2016).
Such an attack may also result from the saving of files within folders that can be accessed online, or browsers that have not been updated in recent months.
Hackers can inject malware and other malicious viruses into the company’s database, which could lead to a vulnerability for infection.
Some software is dangerous and can make the system susceptible to attacks (Rajasekar (2015)
It is possible to hack the computer of a company that has been contracted by another contractor.
Remedies for Computer Security Breach
You can take several measures to prevent thefts from happening in the future.
Excellus BlueCross BlueShield may choose to take certain recommended measures.
Secure data at the prime level can be protected with appropriate physical and digital security.
It is vital to lock all devices and secure any files before you leave any data on them.
Mobile devices should be more secure (Khan & Hoque (2016)
In addition, if someone leaves an organization for any reason, their details and authorization permit should be securely deleted. As this could be a threat to later and give an intruder the opportunity to access the important data (Betz 2016).
You should also ensure that sensitive information is kept private and restricted to only authorized personnel.
It is possible to protect sensitive data by encryption and a strong password that cannot be cracked.
For security purposes, the password set should be different for different access points. This will prevent accidental breaches (Ferrillo (2015)).
It is important that organizations ensure that all their devices are secured against viruses. This will prevent hackers from attempting to hack into them.
Excellus BlueCross BlueShield fell prey to such a security breach as a result of their inept IT system. This was because Excellus BlueCross BlueShield could not detect the breach.
This caused the company to lose confidential data.
It is possible that the company never checked on their IT infrastructure. This could have caused such a devastating outcome.
After the attack, the company aimed to strengthen its security systems and advised all potential customers to be informed.
To prevent such an incident from happening again, the company should follow the recommendations.
Yahoo! Hack Case
Hacking into any organization’s data can be devastating.
August 2013 saw a huge hacking attack on the web that resulted in the loss of 1bn Yahoo users’ data to the hackers.
The Guardian.com’s article “Yahoo hack 1bn accounts by largest data breaches” published on 15 December 2016 details the entire cyber-stack (Thielman 2016).
This was the biggest attack of all time.
Yahoo spoke of an unauthorised party interfering in their accounts, stealing almost 1bn user information and leading to the security attack.
The hackers were said to have used forged cookies to accomplish this act.
The company knew of the threat from November in its previous office.
Analysis of The Yahoo Hack Case
Yahoo had to deal with this crisis, which resulted in the loss of sensitive and private data that was very important to users.
One possible source of this theft was the little bits left behind by browsers that allowed users to login at their own pace (Lee, 2015).
These cookies can be used by someone skilled to gain access to anyone’s account.
Most likely, Yahoo’s proprietary codes were stolen.
Braian Krebs, the security researcher, heard him recommend that Yahoo! email be discontinued because there were potential thefts he had detected earlier (Thielman 2016, Thielman).
The researcher stated that service providers had failed to successfully remove and block email-based attacks.
It was not known that the threat had been made and this led to a situation where credentials of users were at stake.
The article refers to a US senator asking Yahoo for details about the intrusion after the attack.
It was discovered that the breach happened much sooner than anticipated.
It was unacceptable to the senators that this theft could have resulted in millions and even millions of American data being stolen (Thielman 2016).
The price of their products and their revenue were affected by theft.
Yahoo’s image was damaged, which could have led to a decrease in its value (Whitler & Farris 2017).
Yahoo is now less trusted and people may choose to go with other options that offer better security.
The information disclosed included the identities of millions of users, their birth dates and email addresses. Financial accounts were also included. Other information was available in the linked database.
Yahoo confirmed that there was no breach to the accounts, as the card details and bank account details were not stored in the same database.
After the attack, customers were promptly notified and advised to take action.
There are many ways passwords to other electronic accounts and bank accounts could be compromised. The hacker may also have access to personal information about a relative of the user. This is because personal information is mostly shared only via emails.
Hackers can gain access to log-in details and data stored in the database, making such breaches very common.
Yahoo does have other ventures like Flicker- a photo-sharing site, Tumbler – a blogging platform, and finance, but the loss it sustained is likely too large and will be evident in future revenues (Trautman & Ormerod 2016).
Remedies for The Web Hack
If a website or other computer-related technology experiences a security breach it is usually the owner. This blame is not taken into account when there are many possible breaches.
It is necessary for the government and the owner of the industry to work together and create certain legislation to protect users from such threats (Ilyas (2015)).
Industry could establish a standard protocol or optimize that provides an extra level security.
To ensure that the user’s credentials are safe, spam or malicious scripts may be blocked.
Yahoo, after the hacking incident, lost the trust of many of their most loyal customers (Wee 2016).
It is possible that once such thefts or threats through websites are exposed, the retendering engines automatically takes down the site and doesn’t allow it to load again.
Dot defender is another popular way to prevent any potential threats being planned or hatched.
It’s very affordable and easy to use.
It protects against possible threats and works in an extremely comprehensive way.
It can manage multiple servers’ APIs and interface with great ease.
Security as a Service could be adopted by giants such as Yahoo. This provides them with the security measures they need without any hardware requirements.
This service is also easy to set up and protects their IT infrastructure from any possible threats.
The hack compromised billions of Yahoo users’ confidential data, and it is clear that Yahoo’s image was damaged.
It’s possible that the breach could have been detected sooner and millions could have been saved from the theft.
Below are detailed explanations of the possible causes and consequences of the theft.
DotDefender is a web application that provides a layer of protection to prevent any theft attempts in the traffic.
So that any future threats are detected and stopped, the solution suggested should be followed up with another one.
An Analysis of the Relationship Between Security Information Technology Enhancements & Computer Security Breaches & Incidents.
NAVIGATION CYBERSECURITY SSTORM.
Excellus BlueCross BlueShield has been hacked. 10.5M people affected.
The Washington Times.
Data Breach Notification: Security Management Challenges and Issues
Digital Health Data: An Comprehensive Review of Privacy & Security Risks and Some Remembrances.
Computer Science Journal of Moldova, 24(2). 273-292.
Cyber attacks: prevention and countermeasures
Counterterrorism and Cybersecurity (pp.
Springer International Publishing.
A Short Report on Data Breachage in US Healthcare.
What, Why, And How?
Yahoo hack: 1bn accounts were compromised in the largest data breach of its history.
The Yahoo Data Breach.
Cyber attacks against US companies in 2014.
Heritage Foundation Issue Brief 4289.
Yahoo security breach: 5billion password and information stolen.
Cyber Attacks on Brand Image.
Journal of Advertising Research. 57(1): 3-9.