Data Breaches and Social Engineering Essay


Excerpt from Essay:

victims of an organization's data breach?

The nation's largest data brokers, government agencies, retailers, Internet businesses, financial institutions and educational institutions have disclosed a number of computer intrusions and data breaches. A data breach takes place when data containing sensitive personal information is stolen, lost or accessed illegally in a way that can compromise the integrity or confidentiality of the data. An individual's name, telephone number or address is normally considered personal information, along with a personal identification number or password, Social Security number, debit or credit card number, account number, etc. In the majority of states, the breach notification laws require that the breached information be reported along with the report of the breach, even if the information is personal and of a sensitive nature (Stevens, 2008).

It all comes down to one word: trust. A corporation's hard-earned trust and reputation can be damaged by the way it handles a data breach. According to a survey conducted in the U.S. in 2008, 79% of consumers' loss of trust in a business or site occurs because of the way it deals with a privacy or security breach.

Because situations in which data is compromised are mostly complex, making quick communication decisions to deal with and reduce the damage caused by a breach is often very hard, and the complicated nature of each separate breach complicates matters further. It is nevertheless essential that a breach be handled appropriately, since a poorly handled breach can affect the business in both the short and the long run. It is therefore essential to have an ongoing and thorough data plan, as only then can a breach be handled properly.

Question 2: What is social engineering? Give an example.

Social engineering is the process through which an individual is deceived into giving inappropriate access to confidential information. The social engineer first gains the trust of the intended victim and later uses that trust to access the victim's personal information. Of all the software and hardware that can play a part in compromising a security system, the human being is the weakest link (Arthurs, 2001). This kind of attack can't be prevented by intrusion detection systems or firewalls. Therefore, when it comes to getting information from a secure computer network, this is probably the most successful method. What the social engineer takes advantage of is the human inclination to try to help others.

The majority of firms know about the internal threat posed by social engineers; however, they don't pay as much attention to it as they do to implementing the security system through intrusion prevention and detection with the help of software and hardware. It is very important that employees are taught about the importance of the internal threat the company might face and how to handle it, as the majority of the threats that companies face are of an internal nature.

Some background work needs to be done before the people hacker can start his attack. This phase is called "footprinting" (Allen, 2001, p. 2). Footprinting is mostly the lengthiest phase of the attack, as it includes collecting background information regarding the intended victim. On completion of this phase, the social engineer uses one or more methods to start the attack. These methods can be broken into two categories: computer-based impersonation and human-based impersonation (Allen, 2001, p. 2).

Question 3: Explain how identity theft can occur.

An attack based on human impersonation takes place on a physical level. This kind of attack needs some kind of interaction with the user, either direct or indirect. Some of the most common methods are discussed in the paragraphs below.

One very common method is the Direct Approach. In this method the attacker asks the target for the desired information outright, for example: What is your password? The attacker can do this on the phone or in person. However, this method mostly works only if the victim knows the attacker (Gulati, 2003).

The second method is called the Person of Authority or Important User method. In this method the attacker assumes the role of someone in a position of authority while trying to get the required information from the victim (Allen, 2001). For example, the front desk gets a call from a man who says that he is the vice-president of the company and has a meeting in 5 minutes, but his password isn't working and he needs access to the files; the meeting is very important, he can't wait any longer, and he wants the password reset right now!

Reverse Social Engineering is a method in which the target seeks information or help from the attacker, whom the target has assumed to be an individual of authority when that is actually not the case. According to Allen, this method comprises the following: (1) Sabotage: after getting access to a system, the social engineer causes it to malfunction, and the target approaches the social engineer in the hope of getting the problem fixed. (2) Marketing: the attacker deliberately leaves a business card or information so that the victim will call him for help when a problem arises. (3) Support: the attacker provides support to the user for the problem he is facing while trying to get the required information from his network or workstation (Allen, 2001, p. 3).

Question 4: List benefits of e-business. What are the major types of e-business transactions?

According to Adam, Z.R, the most significant kinds of e-commerce transactions are Business-to-Consumer (B2C) transactions, Business-to-Business (B2B) transactions, Consumer-to-Consumer (C2C) transactions, Business-to-Government (B2G) transactions and M-commerce transactions, also known as mobile commerce.

Simple e-commerce between two businesses is known as business-to-business. This kind of e-commerce is said to be the safest and fastest, especially compared to B2C. Here, online transactions take place between two businesses. Approximately 80% of the businesses online are of the B2B type. E-commerce that takes place between consumers and companies is known as business-to-consumer. Here the transaction can occur offline or online between the consumers and the business, or the consumers may just be trying to get information about the services and products that the company offers. Costco and Amazon are some of the examples of B2B.

E-commerce between the public sector and companies is called business-to-government. E-commerce between private individuals and fellow consumers is known as consumer-to-consumer. This form of e-commerce is said to have a lot of potential for growth.

E-commerce related to reverse auctions is known as consumer-to-business. It is mainly the opposite of selling: here the company responds to the needs of the consumers. E-commerce of this kind is hardly ever encountered. In mobile commerce, e-commerce transactions take place via wireless networks from the businesses to the consumers.

Question 5: What is the advantage of using cloud computing as the platform for e-government?

The revolution of the Internet that has taken place all over the world has changed the ways that we work,…

Cite This Essay:

"Data Breaches And Social Engineering" (2014, April 12) Retrieved December 5, 2016, from
