HI5019 Cyber Security Case Studies Assessment Answer

Assessment Details and Submission Guidelines
Trimester: T1 2020
Unit Code: HI5019
Unit Title: Strategic Information Systems for Business and Enterprise
Assessment Type: Group assignment
Assessment Title: Cyber Security Case Studies
Purpose of the assessment (with ULO Mapping)
Students are required to:
  • Evaluate systems development methodologies and the role of accountants in system development projects (ULO 3)
  • Appraise the risks inherent in computer-based systems/ERP, including the role of ethics and the various internal control processes that need to be in place (ULO 4)
  • Critically evaluate the range of cultural, security, privacy and ethical issues facing individuals and organisations as a result of information systems (ULO 5)
Weight: 30% of the total assessments
Total Marks: 30
Word limit: Not more than 3,500 words
Submission Guidelines
  • This assignment is to be completed by a group of 2 - 4 students.
  • Students must report the names and student IDs for all group members to the lecturer of their class by e-mail before the end of week 8.
  • All work must be submitted on Blackboard by the due date along with a completed Assignment Cover Page.
  • The assignment must be in MS Word format, no spacing, 12-pt Arial font and 2 cm margins on all four sides of your page with appropriate section headings and page numbers.
  • Reference sources must be cited in the text of the report, and listed appropriately at the end in a reference list using Harvard referencing style.

Purpose

Assignment Specifications

This assignment aims at developing your group’s understanding of the latest cyber security issues and their impacts on business operations. Your group is required to critically evaluate three recent cyber security case studies and their lessons for business organisations.

Required

Your group is required to conduct a literature search and select three (3) cyber security case studies that are published between 2014 – 2019. Based on the selected case studies, your group is required to prepare a written report to cover the following points:

  • Description of case company in each case
    • General information of the company
    • Key business processes of the company
  • Cyber security issues covered in each case
    • Key cyber security issues identified in each case
    • Risks associated with the issues
    • Impacts of the issues on case company
  • Lessons learnt from each case
    • Actions reported in each case to address the identified issues
    • Outcomes of the reported actions
    • Proposed actions other than the reported ones that could be taken to address the issues
    • Suggestions for preventing the issues in future

Assignment Structure

The report should include the following components:

  • Assignment cover page clearly stating your name and student number
  • A table of contents
  • A brief introduction or overview of what the report is about.
  • Body of the report with sections to answer the above issues and with appropriate section headings
  • Conclusion
  • List of references

The report should be grounded on relevant literature and all references must be properly cited and included in the reference list.

Answer

Strategic Information Systems for Business and Enterprise

Introduction

The world is in an era of rapid technological advancement, which has created a new dimension in business dynamics. Many companies rely on computerized technology to perform their business operations, and that technology exposes them to cyber issues, which are prevalent in the modern world. In this project, three kinds of cyber issues are described. In the case of Equifax, the cyber issue is the hacking of the company’s website. The case of Marriott International is based on the hacking of the personal and financial details of its customers. The case of eBay is based on the hacking of user profiles. The impacts of these cyber issues are also described, along with the solutions used to address them. Recommendations and future measures to avoid these issues are also given in this project.

Discussion

Case study 1: Equifax data breach

A. Description of the case company:

Background of Equifax

Equifax is the biggest customer credit agency, providing human resources, analytical data, information solutions and outsourcing services for consumers, businesses and governments in the US. The organization provides information about customers to clients in several corporate sectors, such as finance, insurance, banking, credit cards, telecommunications and retail (Referenceforbusiness, 2020). The group operates in 4 different segments: workforce solutions, US information solutions, international, and global customer solutions. This credit agency facilitates approximately 10 million electronic transactions each day for its 300,000 consumers throughout the world. The company is growing its operations in 18 nations, along with its sales activity in 45 nations (Equifax, 2020).

Demonstrate the primary business operations of the credit agency

Equifax uses software tools and statistical methods to analyze the collected data, support decision-making, produce customized insights and process services for its consumers. The credit agency helps its customers to understand, protect and manage their private data and turn it into more customized financial decisions (Investing, 2020). This US organization is also involved in delivering business credit risk and managerial solutions through alternative lenders and online, along with commercial leasing and finance companies. Equifax has a diverse range of business operations, including software services, payment services, analytics, modelling, direct-to-customer services, consulting and many more (Referenceforbusiness, 2020).

B. Description of cybersecurity problems:

Identify the issues that occurred in its cybersecurity system

This study focuses on the data breach that happened at Equifax and how it affected the entire organization. Equifax is the largest data analytics and technology organization in the US. During the 3rd quarter of 2017, the management of Equifax declared that a vulnerability in its official website had led to the hacking of its customers' data (Ftc, 2020). According to several research reports, a data breach occurs when an unauthorized group unethically and intentionally exposes someone's personal data. This breach was discovered two months after it started, at the end of July. The breached information included customers' names, home addresses, birth dates, social security information, driver license numbers, phone numbers and many other things. In addition, the credit card details of approximately 209,000 consumers were also affected by this attack on Equifax's cybersecurity.

Identify risks attached to this cybersecurity problem

According to Boeckl et al. (2019), in cybersecurity, risk relates to threats that arise when threat actors misuse vulnerabilities to compromise data confidentiality, availability or integrity. This risk arises from unauthorized behaviour of the system. Based on several research reports, it has been found that the cyber-security problem that occurred at Equifax carried six risk factors:

● Nation-states

● Hacktivists

● Cybercriminals

● Service providers and insiders

● Developers or manufacturers of services and substandard products

● Poor configuration of IoT applications, cloud services

In most cases, high-profile attacks on institutional networks or corporate servers are carried out by groups outside the victim organization (Securityforum, 2020). In the case of Equifax, the Chinese military has been cited for this data breach, although the management also considered three insider threats: malicious, accidental and negligent.

Influence of this cybersecurity problem on Equifax

This cyber-security failure was accompanied by a large number of response and security lapses at Equifax. In this cyber crisis, the main vulnerability of the application, which allowed the hackers to attack, was unpatched. In addition, inadequate segmentation of the system made the task easy for the hackers (Ftc, 2020). The breach at Equifax is exceptional in terms of severity and scope. It exposed the confidential data of approximately 150 million consumers. The management of this credit agency announced that the data breach also affected its customers in Canada and the UK. Based on the investigation, it was found that the breach was carried out through an online web application of the US information segment, not through the core credit reporting database (Epic, 2020). As a result, this cyber crisis damaged the market reputation of Equifax, and the company had to go through legal proceedings.

C. Lessons learnt 

Description of actions taken to recognize the specific issue  

Once the cyber-security problem came to light, the management of Equifax became involved in recognizing all the existing factors. The investigation team used the Classical model to identify the existing risk factors (YourArticleLibrary, 2020). Using this model, Equifax first tried to collect all relevant information from authentic sources. The model helped the organization to understand the company's vision by clarifying its cyber problems. The management engaged a research team to do a thorough analysis of the matter. The authority of "Homeland security" contacted Equifax to inform them about the vulnerability. After that, an email was sent to Equifax instructing them to apply the Apache patch.

Results found from this reported action

Leakage of confidential data is a major threat to any business organization like Equifax. Hence, once the cyber issue was disclosed, the management tried to take immediate action to deal with the problem. Management set up an entirely separate domain, “equifaxsecurity2017.com”, where potentially affected people could access relevant resources and information (Epic, 2020). This site was a lookalike of the actual official site, of the kind mainly used for hacking, and customers were asked to trust it. The management also declared that any affected customers could enrol directly in Equifax's ID protection system. In addition, in the middle of financial year 2019, the agency reached a settlement with the FTC to spend approximately 1.38 billion dollars to resolve its clients' claims (Fruhlinger, 2020).

Refer to one action, different from the reported action

In this case, the management of Equifax used the Classical model to identify its problems and take the necessary actions. Here, the research team could instead use the “Intuitive model” to make its decisions (ToughNickel, 2020). Primarily, this model helps to identify the potential cyber issue at Equifax, and it then allows managers to apply their intuition to examine the action patterns. The model allows managers to apply their experience, knowledge, valuable resources and other inside information in a sophisticated manner. Using this model, the management could easily integrate isolated figures, facts and data to draw a complete picture of the breach problem (Kenny, 2018). The model also produces a result by comparing probable solutions.

Figure 1: Intuition model

(Source:  ToughNickel, 2020)

Recommendation for intercepting such problems in future       

After completing the entire analysis, the author gives the following recommendations, which may help Equifax to protect itself from such cases in future.

● The senior managers of Equifax need to attend the meetings arranged to discuss the organization’s vulnerabilities and cyber threats, and follow up on them regularly.

● Equifax needs to have a standalone written policy on its cybersecurity.

● Equifax needs to conduct an audit at least once a year to check its vulnerabilities.

● The software developers must take more responsibility before implementing any new features in their technical system.

Case 2: Marriott hotel

A. Description of the case company in each case

General information of the company

Marriott International is an American hospitality company that provides hotel services to customers. It is a multinational company founded by J Marriott and A Marriott (Marriott, 2020). The company was founded in 1927 and is based in Bethesda, USA. It is a globally reputed company, and its CEO is A Sorenson.

Key business processes of the company

Marriott International has 176,000 employees. Its products are hotels and resorts. The company's annual revenue is 20.75 billion dollars and its annual operating income is 2.36 billion dollars. Its subsidiaries include Starwood, Ritz-Carlton, etc. The company has 6,000 locations throughout the world (Marriott, 2020). It provides Luxury, Premium, Select and Longer Stay as its main business services to customers.

B. Cybersecurity issues covered in each case

Key cybersecurity issues identified in each case

Marriott faced a cyber attack at the end of 2018. The company found that one of its reservation systems had been attacked. Millions of customer records were hacked, including customers' personal details. The attackers targeted the database of the Starwood brands and also hacked customer details that included financial details (Swinhoe, 2020). The hackers also stole sensitive information, including passport and credit card numbers. The company found that the attackers had used a Remote Access Trojan and Mimikatz to hack the system memory and user details of Marriott's Starwood subsidiary. The cyberattack initially began in 2014 at Starwood and was initiated by the Chinese intelligence department to capture information on the US.

Risks associated with the issues

The cyber attack on the Starwood subsidiary of Marriott risks causing a decline in the company's security and customer management systems. The cyberattack was identified when a security tool flagged unusual database activity (Fruhlinger, 2020). This involved a database query initiated by the administrators, who identified the problem as a cyber attack. This resulted in a flaw in the security of the customer profiles. The attack resulted in the formation of a new information technology framework at Starwood. The customer profiles were also realigned and encrypted with new processes. The company also required customers to change their profiles and card numbers. The attack was an attempt by Chinese intelligence to hack information on US individuals. It resulted in a loss of reputation for Marriott. The company has also been fined by the authorities of the UK and USA for the loss of customer details, improper cybersecurity and the data breach.

Impacts of the issues on the case company

The impacts of the cyber attack on Marriott are diverse. The attack made millions of customers change their passwords and their credit card and passport numbers, as the details were stolen. The credit card numbers had encryption keys, and these were stored on the same server. The passport numbers had encryption keys, and these were stored on simple servers. Marriott found that the hackers had encrypted information and attempted to remove it from the Starwood system. They had managed to decrypt the information and had also duplicated the users' records. The 500 million customer profiles are going to be changed and rearranged to reduce the risk of cybercrime (Fruhlinger, 2020). The cyberattack was initiated at Starwood, and the number of customers did not decrease, which gave the company some advantage in advancing a solution. The cyberattack has also lowered Marriott's global reputation to some extent.

C. Lessons learnt from each case

Actions reported in each case to address the identified issues

Marriott International has declared that there is no such risk from the theft of information. The company has not provided compensation to any of the customers. The New York Times has reported that Marriott International can cover the replacement costs for new credit card and passport numbers and passwords. Marriott has introduced a new centralized information process in the Starwood subsidiary to reduce future cyber attacks and hacking. In March of 2019, a fine under EU law was levied on the company (Fruhlinger, 2020). The company has decided to implement breach-response strategies in each and every one of its subsidiaries.

Outcomes of the reported actions

Marriott and its subsidiary Starwood are guilty of security failures. The lack of a proper security system in the database and information management process caused the cyber problem. A significant outcome of the cyber incident at Marriott is that users had to change all kinds of passwords for different kinds of accounts. Information containing the users' preferences was stolen by the hackers (Fruhlinger, 2020). The company also warned users to stay away from emails asking them to reset their password, as such emails use trickery to obtain login credentials. Marriott also fired one of the IT staff from Starwood. The company also advises users to become more vigilant, and it has designed new websites to prevent cyber hacks.

Proposed actions other than the reported ones that could be taken to address the issues

Marriott has to provide a robust individual profile to each user. The company can reduce employees' access to information. It can renew user profiles regularly (Dobrian, 2018). It has to enforce regular password changes. It has to monitor the Wi-Fi used by its computerized processes. It has to use better firewalls to improve the internet connection. It also needs to keep information backups, which can be used to secure user information. The company has brought in new security analysts who can investigate and solve cyber issues.

Suggestions for preventing the issues in future

Social media profiles have to be locked down and updated to prevent the hacking of users' personal information (Norton, 2020). The user's home network has to be strengthened to reduce any kind of cyber-attack; this can be done by using a virtual private network, which can help to keep the Wi-Fi secure. The support of the FBI and FTC is required when there is an indication of a cyber attack, and this will help the company to reduce legislative pressure.

Case 3: eBay 

A. Description of the case company in each case

General information of the company

eBay is a multinational company based in America, with its headquarters in San Jose, California. It is an eCommerce company that was founded in 1995 (Ebay, 2020). The founder of the company is Pierre Omidyar. The company provides online shopping to customers and has a worldwide business network.

Key business processes of the company

eBay has 14,000 active employees. Its subsidiaries include iBazar, AuctionCo, GittiGidiyor, StubHub, etc (Ebay, 2020). The company's annual revenue is 10.746 billion dollars and its annual net income is 2.530 billion dollars. eBay offers its customers shopping through online portals, online auctions and online marketing. The company markets a broad variety of products and has a proper global network.

B. Cybersecurity issues covered in each case

Key cybersecurity issues identified in each case

eBay declared the cyber issue on a Wednesday in 2014. The company's advisory identified a cyber problem related to information hacking, and the company verified the problem as a cyber attack (Swinhoe, 2020). The attackers stole some information from employee login credentials. They also tried to hack the corporate network and the system process. This type of hacking is known as credential theft. The attackers disguised the attack as phishing and malware.

Risks associated with the issues

The attackers tried to steal corporate details and employee details from eBay. The company also understood that the attackers had hacked three corporate employees to gain proper access to its network. The attackers also hacked the email addresses and profiles of eBay's users (Reuters, 2020). This created critical issues in the company's information management. The attackers hacked the birth dates, mailing addresses and email addresses of the users, and the attack was carried out from February to March. The files that were hacked do not contain the financial information of the company.

Impacts of the issues on the case company

This cyber-attack damaged the reputation of the company. eBay identified that 145 million user profiles had been hacked, and the company asked users to change their passwords (Reuters, 2020). This caused some problems in the company's online commerce platform. The impact of these cyber attacks is that a large volume of accounts was compromised, although the financial information of the users is safe. This resulted in changes to the company's system processes. Most of the customers changed their profile arrangements. The company's information had become vulnerable to hackers, and as a result the company brought in new cyber experts to reframe its security dynamics. The company was also criticized for its improper communication process and for its improper password renewal process.

C. Lessons learnt from each case

Actions reported in each case to address the identified issues

eBay asked its customers and users to change their passwords. The company made frequent changes to the user profile renewal process. It also developed a proper communication process to keep customers satisfied and to improve security solutions (Reuters, 2020). eBay's security experts advised customers to be alert to fraud arising from the cyber attacks. The company also advised customers to use different passwords for different kinds of eBay accounts. Hackers can use automated software to log in to user profiles, which can also allow them to hack customers' social media profiles. eBay did not take any related measures to restructure its database. The company also stated that hacking attacks happen to many companies, agencies and organizations one at a time. The company's only approach was to inform the customers and to make some rearrangements in the user profiles.

Outcomes of the reported actions

eBay's security experts have said that it is not easy to prevent hackers from getting into networks and using social engineering. Hackers can develop many kinds of techniques, which can be used in the form of phishing emails (Reuters, 2020). They focus on tainted websites to create malicious links that initiate cyber attacks. They create and send malware that can steal information from profiles and websites. eBay has also given only a small amount of information about the hackers. The company needs to use new kinds of security applications to increase the database's ability to withstand cyber attacks.

Proposed actions 

Cyber attacks are prevalent in modern society. These cyber-attacks are a new kind of digital crime that involves the stealing of information. eBay, which has faced cyber attacks, has to reform its information and database systems. The company has to bring in outside experts to improve its computerized systems. Training of staff and employees is essential to protect the company from cyber-attacks (Capacity Corner, 2020). The company has to install new kinds of antivirus and security applications in its computerized processes, and this software should be updated regularly to reduce the chances of cyber hacks.

Suggestions for preventing the issues in future

The use of a full-service internet security suite is advised to provide real-time protection against malware, including viruses and ransomware, as it has the potential to protect financial and private information (Xu et al., 2018). Strong passwords are advised for users; they should be tested through a password management application, and the reuse of passwords should be strictly avoided.

Conclusion

As technology advances around the world, cybercrime is increasing. Cybercriminals tend to develop new theft programs that can be used against any kind of software or website. They study the programming of a website, which helps them to create hacking viruses and malware. The use of a proper security process, which involves changing passwords and updating profiles, can help to reduce cybercrime. In this project, three cases of cybercrime are discussed. Equifax set up a new domain site and ID protection to reduce the issues of the cyber attack. Marriott International had customers change their numbers and passwords. eBay used password changes and the renewal of user profiles to reduce the issues of the cyber attacks. The cyber issues are based on the hacking of user profiles. These companies have taken some preventative steps to reduce further hacking.