UODC Privacy and Security Considerations Security Breach Discussion


Computer Science

University of the District of Columbia

Description

According to the authors, privacy and security go hand in hand; hence, privacy cannot be protected without implementing proper security controls and technologies. Today, organizations must not only make reasonable efforts to protect the privacy of data, but must also go much further, as privacy breaches are damaging to their customers and reputation, and could potentially put the company out of business. As we continue learning from our various professional areas of practice, there is no doubt that breaches have become an increasing concern to many businesses and their future operations.

For this discussion, find an example of a security breach which compromised data records at a company (Netflix, which we have used) in the same industry as you will be using in your final paper. Summarize the breach, discuss the data that was lost, and identify security controls that you would recommend be in place (be certain to remember to cite sources) that could have prevented this breach from occurring.

Post-1: LinkedIn Data Breach

Some of the organizations in the technology industry that have suffered data breaches include Yahoo, Dropbox, and LinkedIn (Thomas et al., 2017). In this discussion, I will discuss LinkedIn's data breach. LinkedIn is a major social network used by many business professionals. That aspect has turned LinkedIn into an appealing proposition for hackers who use sophisticated social engineering techniques (Swinhoe, 2020). In 2012, LinkedIn announced that attackers stole 6.5 million unassociated passwords and posted them on a Russian forum for hackers.

It took the company until 2016 to determine and reveal the full extent of the breach incident. The stolen data stayed in private hands to later appear on the dark web in 2016. The company revealed that the attacker accessed email addresses that were connected to the LinkedIn member ID numbers and hashed passwords (Swinhoe, 2020). LinkedIn announced that the hacker who was selling MySpace's data offered the stolen email addresses and passwords of about 165 million LinkedIn users to buyers. The hacker was asking for 5 bitcoins (equivalent to $2,000 in 2016).

The company acknowledged its awareness concerning the breach. The company invalidated passwords of LinkedIn accounts that were created prior to 2012. The company used automated tools to both identify and block all suspicious activities on the accounts while engaging with law enforcement agencies. LinkedIn could have prevented the data breach by introducing 2-step verification using SMS on time (Gune, 2017). LinkedIn should have focused on the existence of control measures such as two-step verification. The company should have enabled users to configure 2FA.

Post-2:

Macy's is a famous American retail chain that sells fashion and beauty merchandise. It has been in business for over 160 years and is headquartered in New York City, NY. Merchandise is sold in its physical stores and via its online store. Macy's also operates the brand names Bloomingdale's and Bluemercury.

In October of 2019, Macy's notified its customers about a cyber-attack against its website, macys.com. In particular, two web pages were affected: the Checkout page and the My Wallet page. According to the notice, hackers injected web skimming malware into the website. The injected malware collects sensitive customer data such as names, addresses, phone numbers and email addresses, credit card numbers, security codes, and expiration dates (O'Donnell, 2020, September 16).

Although Macy's believed that only a small number of customer accounts were affected, the damage was already done. In 2018, Macy's and Bloomingdale's were impacted by a data breach in which hackers accessed user accounts stolen from 3rd party websites to access private customer data, including credit card numbers but not CVV security numbers or Social Security numbers (Mangla, 2020, June 15).

In both incidents, Macy's provided identity theft protection services for the affected customers, which incurs a cost. Security breaches can significantly impact a company's brand image and even affect its stock price. According to one researcher, Macy's stock saw a 10% dip in its stock price (NYSE) in November 2019, the month following the data breach disclosure (Islam, 2020).

The following recommendations could reduce the risk of another attack. First, web servers should use professional-grade antivirus technology with automatic updates to stay current. The malware identified in the 2019 attack was well-known as "Magecart" (O'Donnell, 2019, November 19). An antivirus suite with an updated database may have been able to detect its signature and alert the security teams of the infection.

Since antivirus software is not a guaranteed protection against new and unknown threats (Zero Day threats), another step that Macy's should take is to perform cybersecurity assessments, such as web application penetration tests. A penetration test is an assessment where information security professionals play the role of an attacker and use similar tactics, techniques, and procedures to discover weaknesses and provide recommendations to fix them before the real hackers do. In a web application penetration test, security professionals attempt to abuse web technologies using methodologies such as the Open Web Application Security Project (OWASP) to determine the most common risks (Smallwood, 2019). Penetration tests that demonstrate the exploitability of security flaws provide an accurate measure of risk.

Explanation & Answer:
250 words
2 Peer Responses 150 Words Each

Explanation & Answer


Summary of Breach
Most internet users recycle their login details for various online sites. A user of Yahoo may use the same password for their LinkedIn and Spotify accounts. During a data security breach of any number of these accounts, a lot of information or dictionaries containing the usernames, passwords and credit card numbers of users of a particular website are leaked. This sensitive information is sold on the dark web, and hackers and scammers buy it and then try logging in on other websites such as Netflix using pre-programmed bots, thereby putting unsuspecting users at risk (Blunden, 2020).
As early as Decembe...
