Ethical hacking is the controversial practice of detecting gaps, weaknesses and vulnerabilities in an information or computer system by duplicating the actions and intents of a malicious hacker. It is also known as penetration testing, intrusion testing or red teaming (Engebretson 2013). The professionals who carry it out are known as ethical hackers or white hat hackers. They mainly aim to identify which information, locations or systems an attacker can access, what the attacker can see in the target, what the attacker can do with that information, and whether anyone in the target system is able to notice the hacking attempt (Pike 2013).
This report discusses various aspects of ethical hacking, together with an incident that has taken place and that involves the use of appropriate software or hardware in a real or virtual computing environment. It also evaluates the effects of replacing the UK Data Protection Act with the General Data Protection Regulation, and discusses all the major effects. The hacking incident discussed in this report is the “WannaCry Ransomware” attack of May 2017.
WannaCry Ransomware was a large-scale cyber-attack that targeted only computers running the Microsoft Windows operating system. At the initial stage it was considered that the infection occurred through an exposed vulnerable SMB port rather than email phishing (Scaife et al. 2016). However, the main reason for the WannaCry Ransomware was email phishing. The attack encrypted all the files on the computer, and to remove the encryption the attacker asked for a payment of around $300 in bitcoins within a certain deadline. The attack had a vast impact on businesses, institutions and hospitals all around the world (Pathak and Nanded 2016). It also affected companies such as Renault and Nissan, which had to pause their business activities for some time. Hospital computers used for MRI scans and many other purposes were also affected. The Government was blamed for its inability to secure the vulnerabilities. It was estimated that around 200,000 to 300,000 systems in approximately 150 countries were affected.
There are several reasons behind the success of this attack; some of them are listed below:
The attacker asked for payment in bitcoins, but there were no records of the attacked computers being decrypted even after the payments were made. Two major solutions for this attack are listed below:
GDPR has various advantages over the UK Data Protection Act. Some of them are listed below:
| UK Data Protection Act | General Data Protection Regulation |
| --- | --- |
| This act is applicable only to the UK. | Applicable to the whole of the EU, along with any other globally based company that holds data of EU citizens. |
| There is no need for a business to have a dedicated DPO. | A DPO is mandatory in some countries, or for companies with an employee count of more than 250. |
| Organisations are not required to remove all the information that they hold about an individual. | Under GDPR an individual has the “Right to Erasure”, so that all records holding their information are deleted permanently, which might also include web records. |
| Covers personal data and sensitive personal data. | Besides personal and sensitive personal data, it also includes online identifiers, location data and genetic data. |
| It is not mandatory for most organisations to notify anyone of a breach. | It is mandatory for organisations to notify any kind of breach within 72 hours. |
| Individuals who suffer material damage can claim compensation. | Persons can claim compensation for both material and non-material damage. |
GDPR stands for General Data Protection Regulation. It is a set of rules designed to give more control over data. A data breach can happen at any time, and information can easily be lost, stolen or modified. Under GDPR, by contrast, organisations must secure personal data, which is gathered under legal and strict conditions (Tankard 2016). GDPR applies to any organisation operating within the EU, as well as to organisations operating outside the EU that provide goods or services to businesses within the EU. Ultimately, organisations around the globe will need to be ready when GDPR comes into action.
The UK Data Protection Act is being reformed with a strategy intended to make it fit the digital age. One of the well-known components of this reform is the introduction of the General Data Protection Regulation. In future, GDPR will focus on maintaining a legal procedure for keeping records of personal data (Mansfield-Devine 2017). Various controllers around the globe are focusing on providing contracts that comply with GDPR.
Conclusions
Ethical hacking is considered to be a legal way of securing systems. Ethical hackers are given permission to get into a system and find its flaws and weak points. This greatly helps an organisation to protect its vital data as well as the data that is prone to attacks. The implementation of GDPR, the General Data Protection Regulation, will greatly help in the protection of data. GDPR applies to the whole of the EU, along with any other global company that holds data of EU citizens. Under GDPR it is mandatory to provide information about any type of breach within 72 hours. Individuals can claim compensation whenever they suffer material or non-material damage.
References
Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), pp.5-9.
Engebretson, P., 2013. The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. Elsevier.
Hampton, N. and Baig, Z.A., 2015. Ransomware: Emergence of the cyber-extortion menace.
Mansfield-Devine, S., 2017. Hiring ethical hackers: the search for the right kinds of skills. Computer Fraud & Security, 2017(2), pp.15-20.
Pathak, D.P. and Nanded, Y.M., 2016. A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Pike, R.E., 2013. The “ethics” of teaching ethical hacking. Journal of International Technology and Information Management, 22(4), p.4.
Richardson, R. and North, M., 2017. Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), p.10.
Scaife, N., Carter, H., Traynor, P. and Butler, K.R., 2016, June. Cryptolock (and drop it): stopping ransomware attacks on user data. In Distributed Computing Systems (ICDCS), 2016 IEEE 36th International Conference on (pp. 303-312). IEEE.
Tankard, C., 2016. What the GDPR means for businesses. Network Security, 2016(6), pp.5-8.