Cybercrime against an organization is more likely than ever and can therefore be seen as a strategic threat to the organization. In fact, several experts have stated that it is a matter of when rather than if. Even more terrifying, a recent study shows that it takes companies over six months to even notice a data breach (Foster, n.d.). Furthermore, companies in banking or financial services incur over “50 attacks per month on average” (Foster, n.d.). These figures confirm the likelihood of an attack against an organization like PBI Island Services.
Cybercrime attacks cause a wide range of negative effects, not only for the company itself but also for its employees and customers. Specifically, cybercrime has had a direct impact on “jobs, innovation, economic growth and investment” (Merchant Risk Council, 2020). Additionally, cybercrime can cause a loss of opportunity, personally identifiable information, and sensitive and classified information for the affected company. For the organization specifically, cybercrime can cause business loss during the attack, loss of company assets, damage to reputation, litigation, and protection costs associated with staff, firewalls, encryption and software (Tittel & Janson, 2015).
One of the most damaging cyber attacks to have taken place recently was against the Capital One banking organization. The attack took place over a four-month timeframe last year against the organization’s cloud environment. Thousands of items of sensitive data and personally identifiable information, including account numbers, addresses, names, and telephone numbers, were stolen by an employee of the cloud service provider, Amazon Web Services.
According to the press release associated with the crime, the perpetrator was Paige Thompson, an employee of Amazon Web Services. Essentially, she took advantage of misconfigurations in the cloud service’s application firewall. It was noted that Paige Thompson utilized a server-side request forgery attack, which essentially forces the server to act as a proxy and make unauthorized requests on behalf of the remote user in order to gain access to private endpoints. Thompson was arrested after sharing her activities openly on the Internet, which allowed investigators to trace the actions back to her. Additionally, responsibility with regard to liability is still under investigation. If Capital One can prove no negligence, it will not be held responsible. However, in the weeks following the event the organization’s reputation declined, and its stock market value fell days after the attack was made public.
The attack that Paige Thompson used is not uncommon. In fact, many organizations that rely on web cloud services for data storage are at risk from this particular exploit. It can be even more damaging for an organization that fully commits to a cloud model. Therefore, it is absolutely critical for Public Island Services to take action or develop strategies to protect itself from similar crimes. My recommendations include adopting a stronger encryption method, developing a crisis plan, ensuring the organization has cybersecurity insurance, and reviewing and examining the attack to develop countermeasures.
As cybercrime threats continue to increase for all organizations, it is important to prepare against the latest threats. If an organization does not take these likely threats seriously, it can face grave consequences from which it may not recover.