The purpose of these report is to discuss about data breaching in social media that affected a huge population. In this report the chosen data breaching event is of Yahoo. Data breach is the activity in which private and confidential data gets disclosed to an untrusted environment. Sometimes it is done by hackers and sometimes it may be caused due to irresponsible behavior of an individual. More than 1 billion user accounts of Yahoo got affected by data breaching that occurred in the year 2013. However this act was later reported by the end of 2016. The Yahoo site confirmed that for than 3 million users account got impacted with the data breaching. It took more than 3 years to disclose about the breaches and security issues that affected the people associated with this social media (Thomas et al. 2017). The report will discuss about the policy and the financial impact it created on Yahoo.
By the end of 2016, Yahoo! reported two major data breaches that took place in the mid-year of 2013 and early and 2014. The data breaches that took place in the year 2014 affected around 500 million Yahoo! user accounts and this was reported in the year 2016. The data breaches took place in year 2013 affected around 1 million people. Both the breaches are treated as largest breaches in the history of internet. The hacker collected specific and private details of each user that included name, email address, passwords and even the encrypted security questions along with the answers. The data breaches occurred in the year of 2013 and 2014 and it got disclosed by the year 2016 (Solow-Niederman, 2017). That is the reason behind law suits faced by Yahoo. The breaches has impacted Verizon Communications July plan that resulted the organization to close a deal with a decrease value of $350 million.
This incident effected several users of yahoo and also raised several questions against the security provided by the association towards their users. According to report it became difficult to determine the hacker behind all these events (Torre, Dumay & Rea, 2018). As yahoo made it a long late to discover the breaches as well as implementing the security measures it became a point of criticism. With the implementation of cyber kill chain industry can easily identify the activities of an attacker. Effective implementation of kill chain will help in assisting the information security professional greatly and will help the organization to protect the assets of an organization. There are all total seven stages associated with the kill chain mechanism each step is designed to understand and define the activities of a hacker. The first stage is known as reconnaissance, in this stage the attacker asses and collects information regarding the organization from outside after assessing both technical and non-technical perspective. However there are two ways in which the information is gathered. First is active information gathering and second one is passive information gathering (Kasiak et al., 2018). The second stage includes weaponization where hackers develop a malware specifically to encounter the vulnerabilities discovered at the stage of reconnaissance phase. Third stage is delivery, this involves transmitting of APT code from attacker so that it can be used to target information system for further exploitation. The fourth stage includes exploitation phase after these installation phase is being implemented. The last step is related to actions on objectives (Trautman & Ormerod, 2016). In order to overcome these situation it becomes important for every organization to implement a defense strategy that will help organization to protect the asset. The defense strategies includes implementation of organization with information security programs. With the use of effective user training and awareness regarding email borne threats such as phishing. The organization should maintain a strong cyber hygiene practice throughout the organization.
In order to protect the data from getting breached it is the responsibility of each organization to implement some data security policies that will save guard the information system. There are several ways in which the data security can be assured this includes:
The state data law includes a protection ad privacy law that are used to determine the activities associated to each steps. This law includes a clause that requires prompt notification about consumers that tells about thee data breaching act. This act also includes disclosing the breaches taking place within the system and that are harming people. The people behind these breaches should be disclosed without delaying however it took more than three years for Yahoo to identify the breaches and analysing the number of people got affected by this incident. More than millions of peoples lost their valuable and their private information got breached. Moreover it harmed the reputation of yahoo organization. Yahoo lacked in providing proper security features to their uses and moreover their delaying nature lead them to face criticism (Gupta, 2017). After all this incident the company did not took any major steps to implement new features as fast as other companies react to such issues. Moreover according to the experts report it is found that yahoo did not asked their users to change the password for better security purpose. Apart from these several experts stated that yahoo’s financial situation has not allowed the company to invest on cyber security.
The member of U.S. government shared that they are really upset with the behaviour and delay showed by Yahoo in detecting such a major issue. Moreover U.S Securities and Exchange Commission asked the CBI to investigate about whether the organization has fulfilled all their obligation under federal securities laws or not. By the mid of 2016 it was investigated that 23 lawsuits related to 2014 data breaches were been filled against yahoo (Whitler & Farris, 2017). Among those one law suit disclosed that the hack caused an intrusion into personal financial matters. Yahoo failed to provide an adequate protection towards their user’s personal information. SEC has issued over $35 million to yahoo as they failed to disclose the fact regarding the 2014 data breach. Apart from these yahoo has issued $50 million for settlement against the class action. Verizon communications has entered into the state of negotiation and approval for purchasing a portion of Yahoo properties for $4.8 billion. However Verizon was not aware about the data breaches incident took place in yahoo. This lead to face a major lose to yahoo, as the deal closed with decreasing the share value by $ 350 million.
Conclusion
From the above report it can be said that data breaching of Yahoo had greatly impacted the reputation of yahoo and has also hampered from the financial perspective. Yahoo failed to maintain proper security suit for the organization and also overlooked the importance of cyber security within the organization. Thus from the case study it can be said that there is a huge importance of having proper cyber security and proper law suit that will ensure security to the information system. After these incident it took a lot time to regain the position and trust in the market. Each user wants to have a platform that will provide highest security. Moreover the organisation failed to detect the data breaches at first and it took more than 3 years to identify the risks. Thus, it is important for every organization to provide better security towards their information system.
References
Gupta, A. (2017). THE EVOLUTION OF FRAUD: ETHICAL IMPLICATIONS IN THE AGE OF LARGE-SCALE DATA BREACHES AND WIDESPREAD ARTIFICIAL INTELLIGENCE SOLUTIONS DEPLOYMENT.
Kasiak, J., Carbunar, B., Christensen, J., Lyukova, M., Bajaj, S., Boruta, M., … & Stan, G. (2018, October). CipherLocker: Encrypted File Sharing with Ranked Search https://cipherlocker. com. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 2234-2236). ACM.
La Torre, M., Dumay, J., & Rea, M. A. (2018). Breaching intellectual capital: critical reflections on Big Data security. Meditari Accountancy Research, 26(3), 463-482.
Solow-Niederman, A. (2017). Beyond the Privacy Torts: Reinvigorating a Common Law Approach for Data Breaches. Yale LJF, 127, 614.
Thomas, K., Li, F., Zand, A., Barrett, J., Ranieri, J., Invernizzi, L., … & Margolis, D. (2017, October). Data breaches, phishing, or malware?: Understanding the risks of stolen credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (pp. 1421-1434). ACM.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate Directors’ and Officers’ Cybersecurity Standard of Care: The Yahoo Data Breach. Am. UL Rev., 66, 1231.
Whitler, K. A., & Farris, P. W. (2017). The Impact of Cyber Attacks On Brand Image: Why Proactive Marketing Expertise Is Needed for Managing Data Breaches. Journal of Advertising Research, 57(1), 3-9.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download