The University of Oklahoma(OU) had had a security breach on June 14, 2017. It had accidently released thousands of records concerning its students from 2012. The breach occurred from the campus file sharing system. The act prompted a violation in the federal law. The OU Daily found the data breach. The daily shared with the vice president that the breach had occurred (Ablon et al., 2016). The vice president reported that the OU Information Technology (IT) department had known the breach long before and were working to secure the files that had been breached. Though the IT team had not found any evidence that there had been a breach in the system but they had looked into the matter as how the files and been made accessible to individuals who have even claimed that they had downloaded them (Kwon & Han, 2017). The Daily did not suggest that there had been an outside breach in the security but they rather stated that the lax security measure of the server made the users to access educational records, whichwas not allowed. Among the 29,000 records disclosed there were many instances that showed that personal and sensitive information related to the students of the university were disclosed. Such disclosure of record violated the Family Educational Rights and Privacy Act (FERPA) that helped the students to control the sharing of their personal details. The education board said that the files were disclosed unintentionally. Thus, the FERPA was not violated as such offence can make the federal funding of the university to be pulled away (Young, 2014).
The security breach in the system of the university prompted thousands of university to be affected. The possible risk was the fact of personal information falling into the wrong hands. Information of more than 29,000 students of the university had been leaked. The information consisted of personal details, financial status and social security number. The system was immediately shut down once the files were found to be accessible by any one. However, universities have a directory information file which stores limited information on the students on the university (Kuo&Varki, 2014). Violation of any kind of law would have made the organization to fall into the trap FERPA.
The attack was not something, which had to be carried out by an outsider. The security breach was made from inside. The files are to be kept safe on the university’s server and to be made accessible to the person with the correct access credentials. The IT department of the University overlooked this fact. They found that someone on the inside made the files public. The files were made available to anyone using the University’s email system. The OU had changed their server from SharePoint to the Cloud Servers (Federgreen& Sachs, 2015). They university was aware of which file were to be made public for the students. A single button click on the ou.edu email website would lead the user to the cloud server used by the university: Delve. Delve is a network operated platform that shows the user what they are working on or what the other students are working on. Anyone with an OU email file server is liable to get access to Delve. On searching the keywords in the search bar, the files would be made available to the user. Four spreadsheets containing financial information from the classes of 2012- 2013, 2013- 2014, 2014- 2015 and 2015- 2016. All types of financial information related to the student and the grades he or she had relieved during the time were exposed. For the 500 international students of the University their Visa details were also exposed in the breach.
To remove such data breaches to occur in the university to occur the university the following can be followed:
References
Ablon, L., Heaton, P., Lavery, D., &Romanosky, S. (2016). Data Theft Victims, and Their Response to Breach Notifications.
Federgreen, W. R., & Sachs, F. E. (2015). U.S. Patent Application No. 14/618,434.
Gao, X., Zhong, W., & Mei, S. (2015). Security investment and information sharing under an alternative security breach probability function. Information Systems Frontiers, 17(2), 423-438.
Gray, M. F. (2015). U.S. Patent No. D746,305. Washington, DC: U.S. Patent and Trademark Office.
Kuo, H. C., &Varki, S. (2014). Are Firms Perceived As Safer After an Information Breach?. ACR North American Advances.
Kwon, S. M., & Han, C. H. (2017). Empirical Investigation on Information Breach Effect on the Market Value of the Firm: Focused on Source and Long Term Performance. Journal of Society for e-Business Studies, 21(2).
Young, E. (2014). Educational privacy in the online classroom: FERPA, MOOCs, and the big data conundrum. Harv. JL & Tech., 28, 549.
During the period of 12th of May 2017 and 15th of May 2017, a global scale cyber-attack was initiated targeting computers running Windows based operating systems. The virus was namedWannaCry ransom ware(Chakravartula, & Lakshmi, 2017). The virus would encrypt all the files of the computer system it attacked and then would ask for ransom for decryption in the form of Bit coin Crypto currency. On the first day of the attack, the virus had infected more than 230,000 computers in around 150 countries across the globe. The virus had affected many notable organizations across the globe. Web security researchers found that the process could be slowed down by registering a domain name, which was found inside the code of the virus (Wirth, 2017). However, newer versions started to come out which was deprived of such a kill switch. Many researchers found ways to decrypt certain files without paying any ransom. Microsoft created security patches for all the windows versions in the market, some emergency security patches were released the next for computers running on Windows 7 and Windows 8. The older version of Windows like Windows XP and server 3003 were the ones to get affected first. However, the number of casualties were less related to Windows 7. The virus was considered a network worm, which had the ability to transport itself, and used EthernalBlue exploit in Windows systems to gain access (Renaud, 2017). The files encrypted by the virus displayed a ransom note from the creators demanding Bit coin ransom. Once it gained access it used DoublePulsar to install in the computers system and execute a copy of the virus.
The most notable Wannacry victims are:
The first attack was done in the form of injection around 8:24am of London time on 12th of May 2017. A European opened a compressed zip, which initiated the WannaCry virus. The first initiation needed some housekeeping on the part of the virus to be performed before it could replicate over the network. A command in the coding told the virus to contact an obscure website (Martin, Kinross &Hankin, 2017). The link was inaccessible as it did not exist and the code told it to carry on with the attack. This step was to become the kill switch of the virus but it would be unnoticeable for a few hours. This provided it time to infect all other computers through the help of network. After rooting itself into the system the code then told the virus to check the file sharing system of the computer. To know the system better the virus used an already constructed spying tool named EternalBlue. The software was stolen from the National Security Agency of US and was leaked online. With the help of this software, the virus exploited the loophole in the coding of the Windows system. The loophole allowed the virus to spread itself using the file sharing property like dropboxes and shared drives without taking permission from the user. It took some time and then the initial attack virus spread using the file sharing system (Kuner et al., 2017). Spain’s Telefónica was the first company to announce the attack of the WannaCry virus. After lunch on the same day a computer analyst fund the kill switch in the virus code and went to the website. He bought the domain and activated it. This caused the virus to visit the website whenever it would start attacking a computer. This caused the virus to fallout.
To safeguard one’s self from such ransom ware virus, one should follow the following steps:
References
Chakravartula, R. N., & Lakshmi, V. N. (2017). Combating Malware with Whitelisting in IoT-based Medical Devices. International Journal of Computer Applications, 167(8).
Collier, R. (2017). NHS ransomware attack spreads worldwide.
Kuner, C., Svantesson, D. J. B., H Cate, F., Lynskey, O., & Millard, C. (2017). The rise of cybersecurity and its impact on data protection. International Data Privacy Law, 7(2), 73-75.
Martin, G., Kinross, J., &Hankin, C. (2017). Effective cybersecurity is fundamental to patient safety.
Mohurle, S., &Patil, M. (2017). A brief study of Wannacry Threat: Ransomware Attack 2017. International Journal, 8(5).
Renaud, K. (2017). It makes you Wanna Cry.
Wirth, A. (2017). It’s Time for Belts and Suspenders. Biomedical Instrumentation & Technology, 51(4), 341-345.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download