Computer security breaches are very common now-a-days. People and companies from all over the world are suffering from it. It is the illegal withdrawing if information from some anonymous hacker or attacker. The information breaches can take place with private as well as government companies which uses internet as any part of their plan (Billies 2016). In these incidents, the confidential and sensitive data is copied, stolen or transmitted by unauthorized individuals.
This report focuses on two important security breaches which took place between September to December 2015 and the second which happened between 2012-2016. The first breach taken is the “Scottrade attack and the second hack describe in the report is the “yahoo data breach”. The report also highlights the security measures which could have been taken by yahoo and scottrade in order to prevent the hack from taking place. For better understanding of the problem and situations, the report has been divided into sections explaining the topics in detail.
Around 4.6 million people connected with the organization were affected by the breach. The customers of “Scottrade”, who enrolled in the organization before February 2014, were affected by the hack (Thompson 2017). The breach was a massive breach as the hackers succeeded to hack such a big organization instead of various security measures taken by the organization. The hackers managed to get various customer details such as the security number and emails. The attackers got access of the huge database of the company illegally and the hack was resulted by them. The names and physical address of the customers were stolen by the hackers and misused (Groshoff 2016). The organization has no clue of the hack as they were confident about their security system. FBI informed the organization about the hack and a huge breach came up. The company had to suffer a huge loss of data due to the breach.
There are several ways by which the hackers get the access of any company’s website. Server scanning, Wi-Fi vulnerability, social engineering and phishing could have been the reason behind the website being hacked. Malicious emails were the main reason behind this attack. The attackers sent malicious emails to get to the hackers. This act of getting unauthorized data through sending malicious emails is known as phishing (Vorbrodt 2016). The hacker sent spam emails to the employees of the company to get the data. Employees received the mails and as soon as they clicked on the mail to explore it, all the important data was transferred to the hacker’s mail and the hackers got access of the employee’s computers. Active employees of the company received the email from the attackers. Even though the company had set encryption to the passwords and information of the clients but the hackers got access of the data and thus, they hacked the accounts of the customers and stole the informations.
There were various ways by which the organization could have prevented the hack. The safety measures which could have been taken by the firm in order to safeguard the information of the user are-
Employees would not have been allowed to share information to anyone. The employees of the firm could have been given proper training on the phishing attacks and the various ways t prevent those attacks (Hovav and Gray 2014). The organization would have strictly disallowed the employees to share the personal information of the client to any outsider. This could have been dome to keep the client information confidential
The company could have used more appropriate guard against the spam and other malicious emails. Proper filter could have been set on the account of the employees so that any malicious email would not be able to steal any information from their computers.
The confidential and sensitive information of the client would not have been shared to any other person except the trusted employees of the company (Lim et al. 2014). This way the breach of data through phishing could have been prevented.
The new employee of the corporation would have been given proper training on the phishing and other attacks. The new employees of the company are the ones who are most likely to get in the trap of the hackers. Thus, the new employees should have been trained properly nit to share the confidential information with any outsider. They must have been told about the importance of the employee data for the company’s brand image and other factors.
These were the ways by which “Scottrade” could have prevented the attack to take place.
Yahoo is one of the largest search engines in the world. The internet service provider company had to suffer many breaches in the year 2016. The breach occurred two times. The first breach which was announced by the company occurred in late 2014. Around 500 million people were affected by the breach. The other breech recorded occurred around august 20143 and was reported in December 2016. Around 1 billion Yahoo users were affected by the breach. Both the breaches occurred in context of Yahoo is considered as the largest breach in the history of internet. Hackers stole several details of the users such as their email address, telephone numbers, date of birth, unencrypted and encrypted security queries of the customers and the encrypted passwords of the customers (Chen et al. 2016). The customers from all over the world criticized the brand to announce the breaches so late. The brand had to face several lawsuits because of the breach. The customers lost their confidential data. According to yahoo, the breach that occurred in 2014 was carried out by a “state sponsor actor” and the firm has also claimed that these types of thefts have become common.
The well known and renowned search engine Yahoo and the parent company of several other sites such as twitter and oracle was hacked two times by the Russian hackers. The first breach occurred in the year 2014 but was reported in the year 2016. Many of the customers of the brand were affected by the two breaches (Trautman and Ormerod 2016). The hackers stole sensitive information of the yahoo customers and the major targets of the hack were the government officials of U.S government, journalists from Russia and the other employees from several offices. According to the brand, the breaches were interrelated as they were state sponsored. The breach which occurred in 2013 was tied to forged cookies which allowed the hackers to access the accounts of the users without any passwords. This way the hackers stole the sensitive information from the accounts of the employees and various government officials. The major factor of the breach the number in which the hack took place. The database security of the organization was affected heavily as the hackers stole the information from the database of the site. The firm had to pay several fine for the reported data breach and various lawsuits. A company named Verizon agreed that it had been buying the online business of Yahoo since few days.
The customers who were targeted by the hackers in the breach were the U.S government officials journalists from Russia and the other employees from several offices. These people lost all the data from their mail and other accounts. The data also indulged some confidential information regarding the government strategies and other factors. The customers of yahoo had to suffer huge loss of their data and other essential informations. The customers lost their data and this could cause severe effect on the country as well if the information was taken by some terrorist organization. The government officials were affected heavily as their account contained essential and sensitive informations related to the government policies whose loss caused great harm to their firms and other organizations.
The other one who was affected heavily by the breach was the brand itself as the brand has to suffer heavy downfall in its brand image and other factors. Several lawsuits were filed against the company which left a very poor impact if the brand. The company had to face several charges and government investigation for several days and thus the company suffered massive down-hill. The company had to go through financial loss as well because several penalties were enforced on the company because of the loss that the government and other officials had to face.
Thus, the breach posed a very ill impact on both the customers as well as the brand.
The hackers first made their way to the network of the brand for numerous months. The way to the network of the company helped them to get to the technological skeleton keys which helped them to unlock many of the user accounts at Yahoo. Hence, through this, many of the Yahoo accounts were under control of the hackers (Manworren, Letwat and Daily 2016). The hackers had strengthened their roots in the network of the organization and this allowed the hackers to steak the persona information of the users and they used the data to break into the accounts of other users.
The hackers got access to the backup of Yahoo’s database and they reset the passwords to get entry in the accounts of the users
Conclusion
Hence, from the above discussion it can be concluded that both the attacks had huge impact on the customers as well as the brand. Employees would not have been allowed to share information to anyone. The employees of the firm could have been given proper training on the phishing attacks and the various ways t prevent those attacks. The company could have used more appropriate guard against the spam and other malicious emails. Proper filter could have been set on the account of the employees so that any malicious email would not be able to steal any information from their computers.
References
Baskerville, R., Spagnoletti, P. and Kim, J., 2014. Incident-centered information security: Managing a strategic balance between prevention and response. Information & management, 51(1), pp.138-151.
Billies, R., 2016. Passphrases Are Better.
Chen, Y., Dong, F., Chen, H. and Xu, L., 2016, August. Can Cross-Listing Mitigate the Impact of an Information Security Breach Announcement on a Firm’s Values?. In IOP Conference Series: Materials Science and Engineering (Vol. 142, No. 1, p. 012133). IOP Publishing.
Groshoff, D., 2016. Moore’s Law versus Man’s Law: How Cybersecurity and Cyber Terror Government Policies May Help or Hurt Entrepreneurial Startups. Chap. L. Rev., 19, p.373.
Hovav, A. and Gray, P., 2014. The ripple effect of an information security breach event: a stakeholder analysis. Communications of the Association for Information Systems, 34(50), pp.893-912.
Lim, I.K., Kim, Y.H., Lee, J.G., Lee, J.P., Nam-Gung, H. and Lee, J.K., 2014, June. The Analysis and Countermeasures on Security Breach of Bitcoin. In International Conference on Computational Science and Its Applications (pp. 720-732). Springer International Publishing.
Manworren, N., Letwat, J. and Daily, O., 2016. Why you should care about the Target data breach. Business Horizons, 59(3), pp.257-266.
Schneier, B., 2013. Carry on: Sound advice from Schneier on security. John Wiley & Sons.
Thompson, G.F., 2017. Time, trading and algorithms in financial sector security. New Political Economy, 22(1), pp.1-11.
Trautman, L.J. and Ormerod, P.C., 2016. Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach.
Vorbrodt, A.R., 2016. Clapper Dethroned: Imminent Injury and Standing for Data Breach Lawsuits in Light of Ashley Madison. Wash. & Lee L. Rev. Online, 73, p.61.
Wang, W., 2016. A LEARNING MODULE FOR ADVANCED CRYPTOLOGY. Issues in Information Systems, 17(4).
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download