As individuals or in groups      assigned by your instructor, search online for recent reports on      information security breaches

Security questions

1. A security breach is any incident that leads to unauthorized access to information, programs, systems, or devices.
2. This act mainly results in information being accessed by outsiders and may be detrimental to an organization.
3. Information that is kept private is extremely valuable.
4. It is frequently sold on the black market; for example, identities and credit card numbers can be purchased and used for impersonation, theft, or fraud.
5.  It should come as no surprise that security breaches may cost businesses much money.
6. It is not unusual for a security compromise to lead in a considerable loss of revenue.
7. According to statistics, 29% of businesses that have a cyberattack suffer financially.
8. A staggering 38% of those who suffered losses lost it by a proportion of 20%.
9. For example, a faulty website may cause potential customers to explore for options.
10. A detrimental impact of a security breach is the loss of customer trust.
11. A good reputation is an invaluable asset that, once lost, may take many years to rebuild.
12. The Adult Friend Finder security breach in October 2016 is an example of a security breach.
13. The attack impacted a total of 412.2 million accounts because of the applications activities, account holders were particularly vulnerable to the hack.
14. In October 2016, the Friend Finder Network was breached, which comprised casual hookup and sexually explicit content websites such as iCams.com, Adult Friend Finder, Cams.com, Penthouse.com, and Stripshow.com.
15. The stolen information contained names, email addresses, and passwords and covered 20 years across six databases.
16. Managers should note that security breaches are costly mistakes that could significantly affect the business and may even lead to the shutting down of a company.

Cyber Security

As individuals or in groups assigned by your instructor, search online for recent reports on information security breaches. Come to class prepared to discuss the breach, its potential impact, and how it might have been avoided. What should the key takeaways be for managers studying your example?

A security breach is any incident that leads to unauthorized access to information, programs, systems, or devices. This act mainly results in information being accessed by outsiders and may be detrimental to an organization. Information that is kept private is extremely valuable. It is frequently sold on the black market; for example, identities and credit card numbers can be purchased and used for impersonation, theft, or fraud. It should come as no surprise that security breaches may cost businesses much money. It is not unusual for a security compromise to lead in a considerable loss of revenue. According to statistics, 29% of businesses that have a cyberattack suffer financially. A staggering 38% of those who suffered losses lost it by a proportion of 20%. For example, a faulty website may cause potential customers to explore for options.

A detrimental impact of a security breach is the loss of customer trust. A good reputation is an invaluable asset that, once lost, may take many years to rebuild. The adult video streaming website CAM4 experienced a security breach in March 2020, affecting 10.88 billion account users. The Elasticsearch server of adult video streaming website CAM4 was hacked, exposing over 10 billion data (Bizga, 2020). The confidential information exposed in the compromised documents included Full names, sexual preference, email addresses, email correspondence transcripts, chat transcripts, password hashes, IP addresses, and payment logs were among A large number of the leaked email accounts are associated with cloud storage providers. Hackers might obtain deeper access to personal images and company data if they were to undertake effective phishing attempts on these individuals. Because of the leaked database's dubious link, exposed users may be subjected to extortion and harassment actions for coming years. Managers should note that security breaches are costly mistakes that could significantly affect the business and may even lead to the shutting down of a company.

Think of firms that you’ve done business with online. Search to see if these firms have experienced security breaches in the past. What have you found out? Does this change your attitude about dealing with the firm? Why or why not?

One of the companies I have worked with is the first American financial corporation.  A data breach affecting 885 million users occurred in May 2019 at First American Financial Corporation. The sensitive details of 885 million people, including bank account information, social security numbers, wiring transfers, and other property loan documentation, were apparently exposed by First American Financial Corporation. The data breach was caused by what the firm described a "design fault" on its webpage, which permitted hackers to access 484 files without authorization, including a few that supposedly held non-public individual data. It might be difficult to determine the severity of a data leak like this (Krebs, 2019). Without a doubt, this is a concerning situation that does not inspire trust in First American's ability to safeguard consumer information. The fact that this information was easily disclosed online makes it difficult to completely comprehend the extent of the leak's impact. There was no proof of a clear breach of the company's systems or of a malevolent third-party gaining unauthorized access to files. This information completely changed my decision of working with the company since this kind of breach seemed like a purposeful mistake on the banks end.

Why are threats to the power grid potentially so concerning? What are the implications of power-grid failure and of property damage? Who might execute these kinds of attacks? What are the implications for firms and governments planning for the possibility of cyberwarfare and cyberterror?

Energy is likely the most vital of the 16 critical infrastructure sectors listed by the Department of Homeland Security in the United States. This industry is crucial because it supplies the energy required to run all other critical infrastructure sectors. However, the backbone of the energy sector in the United States is based on an ancient skeleton that is getting increasingly susceptible every day. The electricity infrastructure is vulnerable to physical attacks and cyber assault, whether from terrorists or states like China and Russia.

Why are power grinds potentially so concerning: massive power disruptions produced by a cyber-attack may wreak havoc on the economy, divert attention away from a simultaneous military strike, or induce national trauma. 

Implications: Such occurrences result in a delay in working operations, if not a complete stoppage of operations. The equipment used is costly, and much of it is no longer manufactured in the United States. Replacing some systems takes much time and even is very costly for companies and nations.

Who might execute: transnational criminal organizations that would launch such attacks include, Terrorist groups or a foreign force, radical groups, hackers, and international crime syndicates

What are the implications for firms and governments planning for the possibility of cyberwarfare and cyberterror? Firms and governments preparing for cyberwarfare and cyberterror must ensure that their technological innovation, advancement, and deployment procedures are integrated with security to ensure that applications, database systems, and other technologies are built with security measures in place from the beginning.

What happened to the hacker? Were they caught? What penalties do they face?

Illegal cash transfers, cyber warfare, terrorism, stealing personal and financial data, and extortion are only some reasons why hackers exist. In 2009, hackers in the United States stole more than $570 million (Kader & Minnaar, 2015). Yes, the hackers were apprehended and charged with computer fraud as well as wire fraud crimes. They were eventually arrested, convicted, and sentenced to prison.

 Why do cybercriminals execute attacks across national borders? What are the implications for pursuit, prosecution, and law enforcement?

Criminal networks can now operate across regional boundaries that are impossible to do in the real world due to the Internet. Because examinations are not standardized globally, attacks are carried out across borders. Even though different countries have different laws, detecting and punishing it is challenging. The extensive and formal strategies that underpin shared legal understandings do not include detailed examinations. As a result, criminals use the Internet to avoid being detected or take advantage of restricted laws and penalties.

The fight against cybercrime necessitates more severe criminal law arrangements that allow them to take the required steps to identify the offender and gather evidence for criminal proceedings. Since the guilty actor may or may not be present at the crime scene, cybercrime investigations should be conducted differently. Many countries have established new instruments to create law-enforcement offices to investigate cybercrime. On a worldwide scale, ICT can play a significant role in assuring security and compatibility. Countermeasures should be taken to follow cybercriminals over the network or through a private or public proxy. Computer forensics, Internet content filtering, and encryption can provide all aid in the investigation. Unfortunately, there are limited tools under international law that allow a government to respond. Due to the imposition of multiple restrictions, the countermeasures permitted under international law are of little utility. Law enforcement in the United States has also shut down sites like ShadowCrew and DarkMarket, where hackers get an eBay-style seller grade that certifies the quality of their products.

What methods do firms use to ensure the integrity of their software, their hardware, their networks, and their partners

Patching, paying attention to security warnings, and keeping installed software up to date are some of the tactics employed by the company to maintain the integrity of their network, software, partners, and hardware (Popovi? & Hocenski, 2018). Emails are kept in the system for a long time by some companies, who closely adhere to their regulations. Locking down their partners has created vulnerability anytime anyone contacts the network and ensures performance by committing to security. Finally, most firms utilize audit trails to track down abuse patterns, which they do by recording and monitoring auditing firms. Automated notifications can be used to hold or respond to a problem with an account.

Describe one multi-factor authentication method that you have experienced and discuss the pros and cons of using multi-factor authentication.

Multi-factor authentication is defined as a method a computer user is granted access only after showing two or more pieces of authentication evidence, such as inherence, knowledge, and mechanism (Jacomme & Kremer, 2021). Biometrics, which includes password authentication, is one example of a multi-factor authentication method. One of the benefits of implementing multi-factor authentication is that it improves the firm's security by strengthening the MFA. Physical tokens have also aided in making life easier. One disadvantage is that if the phone is forgotten, it is difficult to recover it. In addition, MFA has a higher cost and is, therefore, more expensive.