Introduction
Cyber tend to be the latest buzzword
that is taking the media by storm. In the past five years, we have heard about
news regarding cyber attacks on organizations. A cyber attack refers to an
attack initiated from the computer against a website, individual computer, or
computer system that compromises the integrity, confidentiality, or
availability of the information or computer stored on it. The cyber security
incidents are increasing in frequency and sophistication, and because the
breach affects financial and personal information, the incidents are becoming
new stories, damaging business, and reputations of victims. The procedure for
investigating and also responding to the cyber attack depend on the nature of
the attack itself. Whether the attack is internal or external, most
organizations usually focus on getting the business back up and running. In
this report, I will focus on a cybersecurity attack that happened, identify the
threat, communicate the cyber attach to key stakeholders, and develop a solution
for resolving the problem.
Threat
In 2014, eBay suffered one of the
biggest hacks. EBay revealed that the hackers managed to steal personal records
of 233 million users. The hack occurred between February and March with the
compromise of usernames, phone numbers, physical addresses, and passwords. In
this case, hackers were able to steal eBay credentials and managed to gain
access to very sensitive data. The attackers were able to access all the
information through obtaining login details of some employees (Thomson 2014).
EBay did encourage its users to change their passwords and assured them that
their financial information was not stolen. The company emphasized that the
hackers were not able to get access to the financial records because PayPal was
not breached. The PayPal customer data was stored and encrypted separately from
the eBay customer data (Thomson 2014). The database that hackers accessed did
not contain financial information on customers such as the credit card numbers.
The attack that happened against eBay tends to be one of the latest in the
growing number of successful cyber security breaches. The attack on the company
is an indication of the vulnerability of even well-established sites that have
strong security teams and no history of prior data breaches.
Communicating cyber
attack to key stakeholders
High-profile hacks are usually
embarrassing and tend to hurt brand equity. At eBay, the key stakeholders
include the customers and its partners. As the Chief Information Security
officer, it is essential that when an attack occurs like this, it is important
to notify customers and investors. A large part of dealing with a crisis is
deciding who the target audience is and how to address them. In the case of
eBay, they waited for two weeks after the hack happened to notify its
stakeholders. As a way of containing the damage, it is essential to send out a
timely mass email to the registered users and also consider posting a large
warning at the top of the website. Transparent, clear, and frequent
communication when communicating with stakeholders as it helps put them at ease
and they can trust your statements and confidence that you are dealing with the
situation (Shackelford, 2014). It was essential to ensure that there was
immediate communication so as to inform the key stakeholders the incident that
had occurred. Through communication, it would be possible to inform people that
the hackers were not able to obtain any financial information. It is also my
responsibility as the CISO to communication the actions that the company is
taking so as to ensure that the incident does not happen again.
So as to safeguard information that can
bring harm to the organization or customers when it falls into the wrong hands,
I need to be ready to respond proactively to the attack and take immediate
control of the situation. As a means of communication, an important channel
that I can use is the social media channels such as Twitter. Managing the media
is imperative, and media tend to be an effective means of reaching the target
audience, and it is necessary that the media should have my side of the story
(Denning & Denning 2010). When communicating with the stakeholders, I would
highlight that data breaches are now a daily occurrence, and it is our moral
and legal obligations to advise our stakeholders of the breach that occurs. It
is essential to inform stakeholders that hackers target any organization with
the aim of leaking or stealing sensitive information. However, so as to ensure
that the incident does not happen again, I am putting cyber security measures
that will help to strengthen the existing security in place so as to avoid any
more data breach.
Solution to resolve the
problem
As the Chief Information Security
Officer, it is essential to have effective security measures against
cyberattacks. Lack of immediate response to attack can victimize your customers
to every incident targeting the company. A good incident response usually
requires early detection and the organizational readiness. The key to managing
any crisis is preparing effectively. Getting the users to change their
passwords is normally the first step of call for a company once it detects a
breach. Information security is the responsibility of everyone in the
organization and expecting only the IT department to have the sole
accountability over the security in the organization is a recipe for failure.
According to Cordesman & Cordesman (2002), effective security must focus
less on keeping the attackers out permanently and more in putting the systems
and processes in place that will aid recovery and a quick reaction to an
intrusion. The cyber attack on eBay demonstrated a lack of preparedness of the
company against cyber attacks. The company only noticed the hack after two
weeks indicating that the people responsible for ensuring security were not
performing their duties. Most companies are using antivirus and firewalls as a
way of protecting their firms from any security breach. However, the use of
these measures is not effective enough in protecting a company’s data
(Shackelford, 2014). Most organizations require professional help in responding
to cyber security incident in an effective and fast manner.
In the case of eBay, it is essential to
establish measured that will help prevent any cyber attack. An essential factor
to consider in resolving the problem is through looking into all the security
chains in the company. In these aspects, it will be possible to evaluate any
weak links that exist in the company’s lines so as to determine those areas
that are vulnerable to attacks (Schiller, 2010). Any areas that appear exposed
to attacks will be resolved immediately and ensure that there is a frequent
evaluation of the links. Another way of resolving the problem is looking at the
company’s preparedness to attacks. It involves critically access the current
state of the security preparedness of the company. I will consider preparing
realistic scenarios of any possible attacks and the appropriate way to respond
to such attacks. There will be a need for the company to consider setting aside
resources that will help train employees the strategies for responding to
attacks and how to reinforce the concepts and the urgency of preparedness.
Increasing the employee awareness tend to be one of the most cost-effective
methods for preventing a cyber attack. Training employees on cyber security are
essential to a cyber attack can even occur just by the cyber criminal having
access to the laptop of an employee (Shackelford, 2014).
Another solution that is important in
resolving the problem is to evaluate the security policy available so as to see
measures available to ensure restriction on unauthorized access to systems. The
attack that happened at eBay was as a result of hackers obtaining login details
of some employees. It is essential that employees should ensure that they
adhere to the security policies so as to ensure the security of data (Cordesman
& Cordesman 2002). It is necessary to have passwords available that limit
any unauthorized people from having access to certain sites or even facilities
in the company. Performing network scans is also a good strategy for protecting
the company from attacks as it helps access the activities that are happening
in the company’s network. Conducting the scans will help to identify any
illegal activities that can be happening and will prevent any intended attacks
on the company. Creating a dedicated security and the data governance team with
expertise and resources needed to keep the response plan up-to-date, clear, and
well-understood.
As the CISO, it is important to consider
having a company database on a different web server. The aim of having a
database on a different web server is that it helps to make sure any attack on
the primary application server does not interfere with other servers that are
hosting the computer system of the organization. Another method of resolving
the problem is ensuring that the computers in the organization are updated
(Schiller, 2010). It tends to be the simplest solution to preventing attacks,
and it is important to ensure that the entire network is up to date. Updating
the network involves paying close attention to all notifications regarding the
operating systems, web browsers, antivirus software, and firewalls. Ignoring
these notifications tend to leave cracks in the defense system of the company.
Conclusion
The costly cyber-attacks are becoming so
frequent across industries such that the cybersecurity is top of mind in
executives and customers across the world. Cybercrime tends to damage
competitiveness, trade, innovation, and the global economic growth. One thing
is that cyber criminals are becoming very advanced with every passing day.
These criminals are finding news for infiltrating the business infrastructure
and stealing very sensitive data that may cost billions of losses per year.
Hence, it is necessary to be better prepared to protect the organization and
intellectual property. Hackers were able to steal personal information from
eBay indicating that no company is safe from attacks. Hence, it is paramount
that organization should ensure that they implement effective security measures
so as to protect from cyber attacks.
Reference
Cordesman,
H., & Cordesman, G. (2002). Cyber-threats,
information warfare, and the critical infrastructure protection: defending the
US homeland. Greenwood Publishing Group.
Denning,
J., & Denning, E. (2010). Discussing cyber attack. Communications of the ACM, 53(9), 29-31.
Schiller,
J (2010). Cyber attacks & Protection.
CreateSpace
Shackelford,
S (2014). Managing cyber attacks in
international law, business, and relations. Cambridge University Press
Thomson,
R (2014). EBay cyber attack hit ‘large
part’ of 145 million users.
Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in best custom research papers if you need a similar paper you can place your order for custom college essay services.
No comments:
Post a Comment