Cyber security attack

Introduction

Cyber tend to be the latest buzzword that is taking the media by storm. In the past five years, we have heard about news regarding cyber attacks on organizations. A cyber attack refers to an attack initiated from the computer against a website, individual computer, or computer system that compromises the integrity, confidentiality, or availability of the information or computer stored on it. The cyber security incidents are increasing in frequency and sophistication, and because the breach affects financial and personal information, the incidents are becoming new stories, damaging business, and reputations of victims. The procedure for investigating and also responding to the cyber attack depend on the nature of the attack itself. Whether the attack is internal or external, most organizations usually focus on getting the business back up and running. In this report, I will focus on a cybersecurity attack that happened, identify the threat, communicate the cyber attach to key stakeholders, and develop a solution for resolving the problem.

Threat

In 2014, eBay suffered one of the biggest hacks. EBay revealed that the hackers managed to steal personal records of 233 million users. The hack occurred between February and March with the compromise of usernames, phone numbers, physical addresses, and passwords. In this case, hackers were able to steal eBay credentials and managed to gain access to very sensitive data. The attackers were able to access all the information through obtaining login details of some employees (Thomson 2014). EBay did encourage its users to change their passwords and assured them that their financial information was not stolen. The company emphasized that the hackers were not able to get access to the financial records because PayPal was not breached. The PayPal customer data was stored and encrypted separately from the eBay customer data (Thomson 2014). The database that hackers accessed did not contain financial information on customers such as the credit card numbers. The attack that happened against eBay tends to be one of the latest in the growing number of successful cyber security breaches. The attack on the company is an indication of the vulnerability of even well-established sites that have strong security teams and no history of prior data breaches.

Communicating cyber attack to key stakeholders

High-profile hacks are usually embarrassing and tend to hurt brand equity. At eBay, the key stakeholders include the customers and its partners. As the Chief Information Security officer, it is essential that when an attack occurs like this, it is important to notify customers and investors. A large part of dealing with a crisis is deciding who the target audience is and how to address them. In the case of eBay, they waited for two weeks after the hack happened to notify its stakeholders. As a way of containing the damage, it is essential to send out a timely mass email to the registered users and also consider posting a large warning at the top of the website. Transparent, clear, and frequent communication when communicating with stakeholders as it helps put them at ease and they can trust your statements and confidence that you are dealing with the situation (Shackelford, 2014). It was essential to ensure that there was immediate communication so as to inform the key stakeholders the incident that had occurred. Through communication, it would be possible to inform people that the hackers were not able to obtain any financial information. It is also my responsibility as the CISO to communication the actions that the company is taking so as to ensure that the incident does not happen again.

So as to safeguard information that can bring harm to the organization or customers when it falls into the wrong hands, I need to be ready to respond proactively to the attack and take immediate control of the situation. As a means of communication, an important channel that I can use is the social media channels such as Twitter. Managing the media is imperative, and media tend to be an effective means of reaching the target audience, and it is necessary that the media should have my side of the story (Denning & Denning 2010). When communicating with the stakeholders, I would highlight that data breaches are now a daily occurrence, and it is our moral and legal obligations to advise our stakeholders of the breach that occurs. It is essential to inform stakeholders that hackers target any organization with the aim of leaking or stealing sensitive information. However, so as to ensure that the incident does not happen again, I am putting cyber security measures that will help to strengthen the existing security in place so as to avoid any more data breach. 

Solution to resolve the problem

As the Chief Information Security Officer, it is essential to have effective security measures against cyberattacks. Lack of immediate response to attack can victimize your customers to every incident targeting the company. A good incident response usually requires early detection and the organizational readiness. The key to managing any crisis is preparing effectively. Getting the users to change their passwords is normally the first step of call for a company once it detects a breach. Information security is the responsibility of everyone in the organization and expecting only the IT department to have the sole accountability over the security in the organization is a recipe for failure. According to Cordesman & Cordesman (2002), effective security must focus less on keeping the attackers out permanently and more in putting the systems and processes in place that will aid recovery and a quick reaction to an intrusion. The cyber attack on eBay demonstrated a lack of preparedness of the company against cyber attacks. The company only noticed the hack after two weeks indicating that the people responsible for ensuring security were not performing their duties. Most companies are using antivirus and firewalls as a way of protecting their firms from any security breach. However, the use of these measures is not effective enough in protecting a company’s data (Shackelford, 2014). Most organizations require professional help in responding to cyber security incident in an effective and fast manner.

In the case of eBay, it is essential to establish measured that will help prevent any cyber attack. An essential factor to consider in resolving the problem is through looking into all the security chains in the company. In these aspects, it will be possible to evaluate any weak links that exist in the company’s lines so as to determine those areas that are vulnerable to attacks (Schiller, 2010). Any areas that appear exposed to attacks will be resolved immediately and ensure that there is a frequent evaluation of the links. Another way of resolving the problem is looking at the company’s preparedness to attacks. It involves critically access the current state of the security preparedness of the company. I will consider preparing realistic scenarios of any possible attacks and the appropriate way to respond to such attacks. There will be a need for the company to consider setting aside resources that will help train employees the strategies for responding to attacks and how to reinforce the concepts and the urgency of preparedness. Increasing the employee awareness tend to be one of the most cost-effective methods for preventing a cyber attack. Training employees on cyber security are essential to a cyber attack can even occur just by the cyber criminal having access to the laptop of an employee (Shackelford, 2014).

Another solution that is important in resolving the problem is to evaluate the security policy available so as to see measures available to ensure restriction on unauthorized access to systems. The attack that happened at eBay was as a result of hackers obtaining login details of some employees. It is essential that employees should ensure that they adhere to the security policies so as to ensure the security of data (Cordesman & Cordesman 2002). It is necessary to have passwords available that limit any unauthorized people from having access to certain sites or even facilities in the company. Performing network scans is also a good strategy for protecting the company from attacks as it helps access the activities that are happening in the company’s network. Conducting the scans will help to identify any illegal activities that can be happening and will prevent any intended attacks on the company. Creating a dedicated security and the data governance team with expertise and resources needed to keep the response plan up-to-date, clear, and well-understood.

As the CISO, it is important to consider having a company database on a different web server. The aim of having a database on a different web server is that it helps to make sure any attack on the primary application server does not interfere with other servers that are hosting the computer system of the organization. Another method of resolving the problem is ensuring that the computers in the organization are updated (Schiller, 2010). It tends to be the simplest solution to preventing attacks, and it is important to ensure that the entire network is up to date. Updating the network involves paying close attention to all notifications regarding the operating systems, web browsers, antivirus software, and firewalls. Ignoring these notifications tend to leave cracks in the defense system of the company.

Conclusion

The costly cyber-attacks are becoming so frequent across industries such that the cybersecurity is top of mind in executives and customers across the world. Cybercrime tends to damage competitiveness, trade, innovation, and the global economic growth. One thing is that cyber criminals are becoming very advanced with every passing day. These criminals are finding news for infiltrating the business infrastructure and stealing very sensitive data that may cost billions of losses per year. Hence, it is necessary to be better prepared to protect the organization and intellectual property. Hackers were able to steal personal information from eBay indicating that no company is safe from attacks. Hence, it is paramount that organization should ensure that they implement effective security measures so as to protect from cyber attacks.

Reference

Cordesman, H., & Cordesman, G. (2002). Cyber-threats, information warfare, and the critical infrastructure protection: defending the US homeland. Greenwood Publishing Group.

Denning, J., & Denning, E. (2010). Discussing cyber attack. Communications of the ACM, 53(9), 29-31.

Schiller, J (2010). Cyber attacks & Protection. CreateSpace

Shackelford, S (2014). Managing cyber attacks in international law, business, and relations. Cambridge University Press

Thomson, R (2014). EBay cyber attack hit ‘large part’ of 145 million users.

Sherry Roberts is the author of this paper. A senior editor at MeldaResearch.Com in best custom research papers if you need a similar paper you can place your order for custom college essay services.